Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Hi,Yes, I can see that you can ping and telnet the tacacs server. You're correct, both  and  steps can only be verified if we have access to ACS under network configuration and system configuration.Please first run the debugs and then Also run this command on the routerrouter#test aaa group tacacs+ <username> <password> legacyHTHJKPlz rate helpful posts-
Hi Mav,Thanks for sharing the solution That is why I asked you to run the debugs. Just wanted to share with you that whenever we have key mis-match issue.We will see thses kind of debugs:AUTHEN/START/LOGIN/ASCII queuedTAC+: AUTHEN/START/LOGIN/ASCII processedTAC+: decrypt: pak is unencrypted but we have a keyTAC+: Unable to decrypt data from SERVER OR NAS.TAC+: Closing TCP/IP 0x765C2C connectionOR TAC+: CHECK THE KEYSAlso, IOS should take the encrypted key. As fas as I know there is no known issue. make sure that you had the correct encrypted. It should work.On the IOS, we should service password-encryption available.Do let me know if you have any query.HTHJKPlz rate helpful posts-