Cisco Support Community

TACACS+ authentication for IPSec does not work on routers running Cisco IOS version 12.3

Core issue

This issue is caused by Cisco bug ID CSCec59692.

Routers that terminate VPN client connections on Cisco IOS 12.3 code fail to authenticate users through TACACS+. Authentication of other users, such as dial-in users, works fine against TACACS+. When requests leave the router for the TACACS+ server, authentication does not fail.

This problem occurs in Cisco IOS 12.3 mainline and 12.3T-based code. Earlier code is currently believed not to be affected. This issue is not observed on non-VPN traffic.

Refer to all affected versions for a list of other Cisco IOS versions that hit this bug.


As a workaround, either use local authentication, or upgrade Cisco IOS to one of these versions:

  • 12.4(2.10)

  • 12.4(2.10)T
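
The local-authentication workaround could look like the following on a router that binds VPN client user authentication (Xauth) to a crypto map. This is an added example, not configuration from the original note; the list name VPN-XAUTH, the crypto map name CLIENTMAP, the user vpnuser and the password placeholder are all hypothetical.

```text
! Added example. VPN-XAUTH, CLIENTMAP and vpnuser are hypothetical names.
aaa new-model
!
! Before (the configuration that hits the bug): VPN client users are
! authenticated against the TACACS+ server group.
!   aaa authentication login VPN-XAUTH group tacacs+
!
! Workaround: point the same named list at the router's local user database.
! Only the list used for VPN clients changes. Lists used by other users
! (for example dial-in) can keep TACACS+, since the note reports that
! those users authenticate normally.
aaa authentication login VPN-XAUTH local
!
! Local account for each VPN user. "secret" stores the password hashed
! rather than reversibly encoded.
username vpnuser secret <PLACEHOLDER-PASSWORD>
!
! The crypto map that terminates the VPN clients references the list by name,
! so this line stays as it was (assumes a crypto-map based setup).
crypto map CLIENTMAP client authentication list VPN-XAUTH
```

Local accounts bypass the central TACACS+ password policy and accounting, so keep the local user list short and switch the list back to `group tacacs+` once the router runs a fixed release.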