[c-nsp] TACACS+ and PIX
Brant I. Stevens
branto at branto.com
Sun Dec 19 10:31:25 EST 2004
It will work, it is just that if you need to get into enable mode while the
TACACS server is unavailable (offline maintenance on the PIX), you won't be
able to; at least in the early 6.3.x versions of code.
On 12/18/2004 12:27 AM, "Marty Adkins" <adkins at netcraftsmen.net> wrote:
> Brian Feeny wrote:
>>
>> I did read about that.
>>
>> But regardless, would be nice if I could figure out how to do AAA enable
>> auth for the pix to a TACACS+ server, anyone know how to do this?
>>
> This is working fine for me to a FWSM (module in a Cat6500) running code
> which is essentially PIX 6.0. The auth server is Cisco ACS 3.1.x
>
> aaa-server TACACS+ protocol tacacs+
> aaa-server TACACS+ (outside) host xxx.xxx.xxx.xxx <key> timeout 3
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> aaa authentication telnet console TACACS+
> aaa authentication ssh console TACACS+
> aaa authentication enable console TACACS+
> aaa authentication http console TACACS+
>
> - Marty
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list