Hi Deepak,

We just recently discussed here that if you have CBAC/ZFW in the path of TACACS traffic, and you've dutifully included TACACS for inspection, it will still not work because TCP port 49 is not allowed by PAM.
Eugene

From: [email protected] [mailto:[email protected]] On Behalf Of Deepak N
Sent: Tuesday, June 12, 2012 5:44 PM
To: OSL CCIE-Security
Subject: [OSL | CCIE_Security] AAA Servers

Hi,

For the ACS to listen on the tcp/49 port, is it really required that we have the ACS server added under Network Configuration --> NDG --> AAA Servers? And should the server be selected under the Proxy Distribution Table as well?

I'm talking about a shared pod, where people run their ACS on different IP addresses. I had also faced an issue with ACS not responding one time when I took the lab; not sure if it was due to this.

I would like to know what steps we should take in case we end up with ACS not responding during the lab. I see routing, adding the client, the shared secret, and holes in the firewall to allow ACS traffic in the checklist; anything else?

Thanks.
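The checklist items raised in this thread (routing, AAA client entry, shared secret, firewall/PAM for tcp/49), as an added IOS walk-through that is not part of either message. The ACS address 10.1.1.100, the router's Loopback0 address 10.1.1.1, the group name ACS and the key cisco123 are all hypothetical; substitute the pod's real values.

```cisco
! Added example (not from the thread). Assumed, hypothetical values:
!   ACS server      10.1.1.100
!   router source   Loopback0 (10.1.1.1), the address ACS must know as the AAA client
!   shared secret   cisco123

! 1. Routing: source TACACS+ from a fixed interface and prove reachability
!    from that same address, since that is the address ACS will see.
conf t
 ip tacacs source-interface Loopback0
end
ping 10.1.1.100 source Loopback0

! 2. AAA client and shared secret: the key configured here must match the
!    key ACS holds for AAA client 10.1.1.1 under Network Configuration.
conf t
 aaa new-model
 tacacs-server host 10.1.1.100 key cisco123
 aaa group server tacacs+ ACS
  server 10.1.1.100
end

! 3. Firewall: if CBAC/ZFW inspects the path to ACS, verify that the
!    port-to-application map actually knows tcp/49 as "tacacs".
show ip port-map tacacs
! If nothing is listed, map it explicitly before relying on inspection
! of the "tacacs" protocol (or open tcp/49 in the policy directly):
conf t
 ip port-map tacacs port tcp 49
end

! 4. End-to-end test from the router, without touching line/console AAA:
test aaa group ACS admin cisco123 legacy
! "User successfully authenticated" means routing, client entry, key and
! firewall are all right. A timeout points at routing or the firewall;
! a rejection points at the AAA client entry or the shared secret.
! For more detail while re-running the test:
debug tacacs
```

Run step 4 before putting TACACS+ on the vty or console lines, so a non-responding ACS is found while you still have a non-AAA login path to the device.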
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
