09-22-2006 12:10 PM
I was handed our DR site yesterday, and there is a PIX 515 installed there.
I switched it so it points to our TACACS+ server.
While I can SSH to its network interface, I keep failing the console logging!!!
Here is the output:
DR-TERMSERVER#pix515
Trying pix515 (10.1.1.1, 2036)... Open
User Access Verification
Username: admin
Password:
Password: ********
Username: admin
Password: *******
Access denied.
DR.PIX515> en
Username: admin
Password: *******
Username: admin
Password: *******
Username: admin
Password: *******
Access denied.
DR.PIX515> en
My aaa config is:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5
aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication secure-http-client
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
What am I missing?
Does TACACS+ have a problem with the PIX (the consultants were using ACS)?
Thank you,
Alban
09-24-2006 04:36 AM
Hi Alban,
In the following two commands:
aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5
aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5
Did you omit the TACACS key intentionally, or forget it? Otherwise the authentication with the TACACS server will fail.
Also try to verify the PIX address and the key on the TACACS server side.
I recommend you to try the command
09-27-2006 04:29 PM
Please try adding the following command and then check the authentication:
aaa authentication serial console TACACS+ LOCAL
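An added example, not part of the thread or any poster's code: a small Python check that reads the `aaa authentication <method> console` lines from a PIX configuration and reports which access methods have no AAA server group bound, which is the gap the reply above points at for the serial console. The method list (serial, telnet, ssh, http, enable) and the function names are assumptions of this example; the sample input is the set of aaa lines from the original post.

```python
import re

# Access methods assumed for "aaa authentication <method> console ..." on the PIX.
CONSOLE_METHODS = ("serial", "telnet", "ssh", "http", "enable")

# Matches e.g. "aaa authentication ssh console TACACS+ LOCAL".
AUTH_LINE = re.compile(
    r"^aaa authentication (\S+) console (\S+)(?:\s+(LOCAL))?\s*$"
)


def audit_console_auth(config_text):
    """Map each console method to (server_group, has_local_fallback) or None."""
    found = {method: None for method in CONSOLE_METHODS}
    for raw in config_text.splitlines():
        match = AUTH_LINE.match(raw.strip())
        if match and match.group(1) in found:
            found[match.group(1)] = (match.group(2), match.group(3) == "LOCAL")
    return found


def uncovered_methods(config_text):
    """Return the console methods that have no AAA authentication line."""
    audit = audit_console_auth(config_text)
    return [method for method in CONSOLE_METHODS if audit[method] is None]


# The aaa authentication/authorization lines as posted in the question.
POSTED_CONFIG = """\
aaa authentication secure-http-client
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
"""

if __name__ == "__main__":
    for method, setting in audit_console_auth(POSTED_CONFIG).items():
        if setting is None:
            print(f"{method:7s} no AAA authentication line")
        else:
            group, local = setting
            fallback = "with LOCAL fallback" if local else "no LOCAL fallback"
            print(f"{method:7s} {group} ({fallback})")
```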
10-02-2006 09:17 AM
Try "enable_15"