AAA Authentication


Re:AAA Authentication

Post by Guest » Mon Feb 15, 2010 4:01 am


Hi,

Yes, I can see that you can ping and telnet the tacacs server. You're correct, both [3] and [4] steps can only be verified if we have access to ACS under network configuration and system configuration.

Please first run the debugs and then also run this command on the router:

router#test aaa group tacacs+ <username> <password> legacy

HTH
JK

Plz rate helpful posts-


Re:AAA Authentication

Post by Guest » Mon Feb 15, 2010 4:35 am


I feel like we are getting close and all thanks to you!!

The output is as follows:

#test aaa group tacacs+ <__> <__> legacy
Attempting authentication test to server-group tacacs+ using tacacs+
No authoritative response from any server.

PR


Re:AAA Authentication

Post by Guest » Mon Feb 15, 2010 5:32 am


Did you check the shared secret key? On ACS, the NDG key overwrites the aaa-client key. Make sure the key is not an issue.

Regards,
~JG


Re:AAA Authentication

Post by Guest » Mon Feb 15, 2010 6:00 am


I figured out what the problem was. It seems the IOS version that is running on the router didn't like the encrypted key. When I inserted the non-encrypted version everything worked fine.

Thanks for all your help, sincerely.

Mav


Re:AAA Authentication

Post by Guest » Mon Feb 15, 2010 6:34 am


Hi Mav,

Thanks for sharing the solution :) That is why I asked you to run the debugs. Just wanted to share with you that whenever we have a key mismatch issue, we will see these kinds of debugs:

AUTHEN/START/LOGIN/ASCII queued
TAC+: AUTHEN/START/LOGIN/ASCII processed
TAC+: decrypt: pak is unencrypted but we have a key
TAC+: Unable to decrypt data from SERVER OR NAS.
TAC+: Closing TCP/IP 0x765C2C connection

OR

TAC+: CHECK THE KEYS

Also, IOS should take the encrypted key. As far as I know there is no known issue. Make sure that you had the correct encrypted key. It should work.

On the IOS, we should have service password-encryption available.

Do let me know if you have any query.

HTH
JK

Plz rate helpful posts-
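
Added example (not part of the thread and not Cisco's code): a Python sketch of the TACACS+ body obfuscation from RFC 8907, showing why a shared-key mismatch between ACS and the router surfaces as a decrypt failure like the debugs quoted above. The keys, session id and prompt are constructed, and the returned strings only paraphrase the IOS debug lines; how IOS performs the check internally is an assumption.

```python
import hashlib
import struct

UNENCRYPTED_FLAG = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG in the header flags byte
AUTHEN = 0x01            # packet type: authentication


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907: every block after the first also hashes the previous digest."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_reply(key, session_id, server_msg, seq_no=2, version=0xC0):
    """Server side: authentication REPLY (status GETPASS, NOECHO) obfuscated with key."""
    body = struct.pack("!BBHH", 0x05, 0x01, len(server_msg), 0) + server_msg
    header = struct.pack("!BBBBII", version, AUTHEN, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)


def check_reply(packet, key):
    """NAS side: de-obfuscate with the local key and sanity-check the result."""
    version, _type, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if flags & UNENCRYPTED_FLAG:
        return "unencrypted packet but a key is configured" if key else "ok"
    clear = xor_body(body, session_id, key, version, seq_no)
    if len(clear) < 6:
        return "unable to decrypt: check the keys"
    _status, _flags, msg_len, data_len = struct.unpack("!BBHH", clear[:6])
    # With the wrong key the length fields are noise and will not add up.
    if 6 + msg_len + data_len != length:
        return "unable to decrypt: check the keys"
    return "ok"


# Constructed sample: the key on the server vs. a mistyped key on the router.
SERVER_KEY, ROUTER_KEY = b"Acs-Shared-Secret", b"Acs-Shared-Secert"
REPLY = build_authen_reply(SERVER_KEY, 0x1A2B3C4D, b"Password: ")
```

`check_reply(REPLY, ROUTER_KEY)` fails the length check because the protocol has no integrity tag; the summed length fields are the only signal the receiver has that the keys differ.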
