Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member


after erasing the config file and reloading the pix, the following lines are missing from the show run:

Aaa-server TACACS+ max-failed-attempts 3

Aaa-server TACACS+ deadtime 10

Aaa-server RADIUS max-failed-attempts 3

Aaa-server RADIUS deadtime 10

If you try to add them the pix errors giving you syntax is incorrect.

I currently have 3 devices doing this.

they are all running 6.3.5

New Member

Re: aaa-server

Do have a Tacacs and a Radius server in your environment? If not, it could be that they were once there and those commands entered, then removed. The point is, if you do not have the servers, these commands are irrelevant.

If you don't have the servers specified, you could experiment by doing the following.

aaa-server TACACS+ (inside) host thekey timeout 20

aaa-server RADIUS (inside) host thekey timeout 20

The above commands should be on one line. After that, you might be able to put the above commands in the config.

New Member

Re: aaa-server

No I don't have a TACACS+ or Radius server these commands are native in the pix as they come from Cisco. Without these in the pixws they will not create a tunnel to our ASA5510.

New Member

Re: aaa-server

You would have an extremely unique configuration for that to keep an l2l tunnel from coming up. My guess I'd that you are missing your ore shared key. It was likely hidden in the original config.

CreatePlease to create content