RE: Problem with ACS

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Wed Apr 11 2007 - 14:31:54 ART

• Next message: David Mann: "Re: Problem with ACS"
• Previous message: daniel : "facing problem in CBAC"
• Maybe in reply to: CCDesire: "Problem with ACS"
• Next in thread: David Mann: "Re: Problem with ACS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just wondering:

Your acs logs should not be blank Unless you are not logging anything. You might
want to turn them on. If they are blank then it's like the service is not
listening to requests or getting the request. Under reports and activities what
does the appliance status page state for the basic configuration (tcp/udp ports
open). Are the ports open?

 Are you filtering any ip addresses in the acs client setup?

DMT

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Luu Hoang Dung
> Sent: Wednesday, April 11, 2007 1:10 PM
> To: ccielab@groupstudy.com
> Subject: RE: Problem with ACS
>
> I tried to use the *ip tacacs source-interface ethernet0/0 *
>
> The result still is "authentication failed"
>
>
> ------------------------------
>
> *From:* Greg Wendel [mailto:gwendel@gmail.com]
> *Sent:* Wednesday, April 11, 2007 10:13 AM
> *To:* Marvin Greenlee
> *Cc:* CCDesire; Cisco certification
> *Subject:* Re: Problem with ACS
>
>
>
> I would guess your problem is that you are missing the ip
> tacacs source-interface command
>
> On 4/10/07, *Marvin Greenlee* < marvin@ipexpert.com> wrote:
>
> Are there other devices in the data path between your router
> and the ACS server?
>
> Do you get the same response (connection is refused) if you
> telnet from the router to the ACS server on TCP port 49 ?
>
> Are you getting this message when you try an authentication
> from the router locally (using the 'test aaa' command)?
>
> Do you only get the 'connection refused' when trying to
> connect to the router from somewhere else? If only when
> trying to connect to the router from somewhere else, is there
> any configured access-class/ACL blocking traffic to the router?
>
> Are you able to authenticate to the ACS server from the
> router using RADIUS?
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec) Senior Technical
> Instructor - IPexpert, Inc.
> "When Will You Be an IP Expert?"
> marvin@ipexpert.com
> http://www.IPexpert.com <http://www.ipexpert.com/>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of CCDesire
> Sent: Tuesday, April 10, 2007 9:37 PM
> To: 'Cisco certification'
> Subject: Problem with ACS
>
> Dear group,
>
> I have the following error message every time I try to
> authenticate routers to the Tacacs+ Server in Cisco Secure ACS:
>
>  Connection is refused by remote host
>
>
>
> I tried different ways to fix this problem but still unsuccessful.
>
> Router-to-be-authenticated can ping Server, all firewall on
> server are closed (ACS with W2K server).
>
> The hostname, the IP and the shared-key for the router is
> correctly configured.
>
>
>
> This is what I configured about authentication:
>
> Aaa new-model
>
> Aaa authen login default group tacacs local
>
>
>
> Tacacs-server host 206.222.152.1 single
>
> Tacacs-server key ventu
>
>
>
>
>
> Pls help me troubleshoot this problem.
>
>
>
>
> --
> Internal Virus Database is out-of-date.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.17/731 - Release
> Date: 3/23/2007
> 3:27 PM
>
>
>
> --
> Internal Virus Database is out-of-date.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.17/731 - Release
> Date: 3/23/2007
> 3:27 PM
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> --
> Gregory Wendel
> Springfield VA, 22153
>
> --
> Internal Virus Database is out-of-date.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.17/731 - Release
> Date: 3/23/2007
> 3:27 PM
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information.

• Next message: David Mann: "Re: Problem with ACS"
• Previous message: daniel : "facing problem in CBAC"
• Maybe in reply to: CCDesire: "Problem with ACS"
• Next in thread: David Mann: "Re: Problem with ACS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART