Hello guys,

My curiosity needs to be satisfied once again. I may be doing it wrong but I wish to know why it doesn't work the way I was thinking.

Anyways, there's ACS42 with FIREWALLS network device group defined in Network Interface section. Then I add the ASA firewall as AAA client under this FIREWALLS NDG specifying the name of the ASA, IP address, the shared key and TACACS+ as the protocol. The ASA is configured accordingly to match the above said:

aaa-server ACS42 protocol tacacs+
aaa-server ACS42 (inside) host 192.168.1.152
 key cisco123

When I test a user authentication from the ASA against this ACS server I end up with the shared key mismatch:

LABASA(config)# test aaa-server authen ACS42 host 192.168.1.152 username cisco$
INFO: Attempting Authentication test to IP address <192.168.1.152> (timeout: 12 seconds)
ERROR: Authentication Server not responding: AAA decode failure.. server secret mismatch

But when I enter the ASA as an AAA client not belonging to any NDG in ACS the authentication goes through without any problems, i.e. the ASA is added under (Not Assigned) NDG.

As a comparison, when I do the same thing with the router, i.e. adding the router to the specific NDG the authentication goes through as a charm.

Eugene
