Cisco Support Community
New Member

PIX console login

I was handed over our DR site yesterday, and there is a PIX 515 installed there.

I switched it so it points to our TACACS+ server.

While I can ssh to its network interface, I keep failing the console logging!!!

Here is the output:

DR-TERMSERVER#pix515

Trying pix515 (10.1.1.1, 2036)... Open

User Access Verification

Username: admin

Password:

Password: ********

Username: admin

Password: *******

Access denied.

DR.PIX515> en

Username: admin

Password: *******

Username: admin

Password: *******

Username: admin

Password: *******

Access denied.

DR.PIX515> en

My aaa config is:

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5

aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication secure-http-client

aaa authentication ssh console TACACS+ LOCAL

aaa authentication http console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authorization command TACACS+ LOCAL

What am I missing?

Does TACACS+ have a problem with the PIX (the consultants were using ACS)?

Thank you,

Alban

3 REPLIES
New Member

Re: PIX console login

Hi Alban,

In the following two commands:

aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5

aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5

Did you omit the TACACS key intentionally, or forget it? Otherwise the authentication with the TACACS server will fail.

Also try to verify PIX address and the key at the TACACS server side.

I recommend you to try the command this will provide you detailed information about all traffic and events exchanged between the server and the PIX and you will see failed events.

New Member

Re: PIX console login

Please try adding the following command and then check the authentication:

aaa authentication serial console TACACS+ LOCAL
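
The two checks raised in the replies above (a shared key on each aaa-server host line, and an aaa authentication line for the serial console) can be run over a saved configuration. This is an added example, not part of the original thread and not Cisco tooling; it assumes the PIX 6.x forms `aaa-server <group> [(if)] host <server> [<key>] [timeout <n>]` and `aaa authentication <method> console <groups>`, and the names `audit_aaa` and `SAMPLE_CONFIG` are hypothetical.

```python
import re

# Methods accepted by "aaa authentication <method> console" (assumed PIX 6.x set;
# the thread itself shows ssh, http, enable and serial).
METHODS = ("serial", "telnet", "ssh", "http", "enable")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) (?:\((\S+)\) )?host (\S+)(.*)$")

# The aaa lines as posted in the question (blank lines and RADIUS group dropped).
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5
aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5
aaa-server LOCAL protocol local
aaa authentication secure-http-client
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
"""

def audit_aaa(config_text):
    """Return (covered, findings): method -> server groups, plus gaps found."""
    covered, findings = {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = AUTH_RE.match(line)
        if m:
            covered[m.group(1)] = m.group(2).split()
            continue
        m = HOST_RE.match(line)
        if m:
            group, _ifname, host, rest = m.groups()
            tokens = rest.split()
            # The key, when present, is the token between the host and "timeout".
            key = tokens[0] if tokens and tokens[0] != "timeout" else None
            if key is None:
                findings.append(f"{group} host {host}: no shared key")
            elif key.lower() == "key":
                findings.append(f"{group} host {host}: key is the literal word 'key'")
    for method in METHODS:
        if method not in covered:
            findings.append(f"{method}: no 'aaa authentication {method} console' line")
    return covered, findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG)[1]:
        print(finding)
```

A finding for the literal word `key` only means the field should be compared with what the TACACS+ server has configured; the script cannot tell a sanitised paste from a real mismatch.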

New Member

Re: PIX console login

Try "enable_15"
