[c-nsp] PIX access
Alban Dani
albcisco at gmail.com
Fri Sep 22 16:09:08 EDT 2006
I was handed our DR site yesterday, and there is a PIX 515 installed
there.
I switched it so it points to our TACACS+ server.
While I can ssh to its network interface, I keep failing the console
logging!!!
Here is the output:
DR-TERMSERVER#pix515
Trying pix515 (10.1.1.1, 2036)... Open
User Access Verification
Username: admin
Password:
Password: ********
Username: admin
Password: *******
Access denied.
DR.PIX515> en
Username: admin
Password: *******
Username: admin
Password: *******
Username: admin
Password: *******
Access denied.
DR.PIX515> en
My aaa config is:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (VPNDMZ) host R-UTIL1 key timeout 5
aaa-server TACACS+ (VPNDMZ) host V-MON1 key timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication secure-http-client
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
What am I missing?
Does TACACS+ have a problem with the PIX? (The consultants were using ACS.)
Thank you,
Alban