From: Andrew Larkins (andrew.larkins@BTGroup.co.za)
Date: Thu Apr 12 2007 - 14:09:18 ART
In the system configuration tab, ACS support or something like that is
the CSagent - untick it.
Also I see in the other thread about Zone Alarm - is that even supported?
-----Original Message-----
From: CCDesire [mailto:lhd.ccdzi@gmail.com]
Sent: 12 April 2007 16:22
To: Andrew Larkins; ccielab@groupstudy.com
Subject: RE: Problem with ACS
I don't really get what you mean about Disable the Cisco secure agent as
a means of troubleshooting. How can I do it?
-----Original Message-----
From: Andrew Larkins [mailto:andrew.larkins@BTGroup.co.za]
Sent: Thursday, April 12, 2007 2:26 PM
To: Luu Hoang Dung; ccielab@groupstudy.com
Subject: RE: Problem with ACS
Hi,
In the ACS system, is the TACACS+ service running? It is either this or
there is some form of filtering on the path from the device to the ACS
server. Disable the Cisco secure agent as a means of troubleshooting as
well.
Andrew
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Luu Hoang Dung
Sent: 11 April 2007 19:02
To: ccielab@groupstudy.com
Subject: RE: Problem with ACS
Hi Marvin and other guys,
Firstly thank you for your concern.
I have tried to check my process and the results are:
1 - There is only a transparent switch between the
router-to-be-authenticated and the ACS server
2 - When I telnet to port 49 of the ACS server from my PC I got: " could
not open connection to the host on port 49: Connect failed ".
When I telnet to port 49 of the ACS server from my Routers I got:
" Router2#telnet 192.168.1.200 49
Trying 192.168.1.200, 49 ...
% Connection refused by remote host ".
3 - I configure the router to authenticate locally like this:
username cisco password 0 cisco
aaa new-model
!
!
aaa authentication login default local
And the result is successful.
4 - I tried to authenticate different routers and the error message is still
the same, and I also got this:
*Mar 1 00:17:48.315: TPLUS(00000004)/0/WRITE: write to 192.168.1.200 failed with errno 134((ENOTCONN))
*Mar 1 00:17:53.311: TPLUS(00000004)/0/WRITE/62E74248: timed out
5 - There isn't any ACL anywhere
What more can be wrong here ?
-----Original Message-----
From: Marvin Greenlee [mailto:marvin@ipexpert.com]
Sent: Wednesday, April 11, 2007 9:08 AM
To: 'CCDesire'; 'Cisco certification'
Subject: RE: Problem with ACS
Are there other devices in the data path between your router and the ACS
server?
Do you get the same response (connection is refused) if you telnet from
the router to the ACS server on TCP port 49?
Are you getting this message when you try an authentication from the
router locally (using the 'test aaa' command)?
Do you only get the 'connection refused' when trying to connect to the
router from somewhere else? If only when trying to connect to the
router from somewhere else, is there any configured access-class/ACL
blocking traffic to the router?
Are you able to authenticate to the ACS server from the router using
RADIUS?
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
"When Will You Be an IP Expert?"
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
CCDesire
Sent: Tuesday, April 10, 2007 9:37 PM
To: 'Cisco certification'
Subject: Problem with ACS
Dear group,
I have the following error message every time I try to authenticate
routers to the Tacacs+ Server in Cisco Secure ACS:
Connection is refused by remote host
I tried different ways to fix this problem but still unsuccessful.
Router-to-be-authenticated can ping the server, all firewalls on the server
are closed (ACS with W2K server).
The hostname, the IP and the shared-key for the router are correctly
configured.
This is what I configured about authentication:
Aaa new-model
Aaa authen login default group tacacs local
Tacacs-server host 206.222.152.1 single
Tacacs-server key ventu
Pls help me troubleshoot this problem.
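An added example, not part of the original thread or any poster's code: a small Python probe that tells apart the two symptoms reported above for TCP port 49, an active "connection refused" and a silent timeout, and maps each to the causes raised in the replies. The function name `probe_tcp`, the state labels and the hint strings are assumptions of this example.

```python
import socket
import sys

TACACS_PORT = 49  # TCP port tested with telnet in the thread

# Hints follow the causes named in the replies: service not running,
# filtering on the path, or a host agent on the server interfering.
HINTS = {
    "open": "Listener accepted the connection; check the client entry "
            "and shared key on the server next.",
    "refused": "Server host reset the connection: nothing is listening on "
               "the port (service stopped) or host software rejected it.",
    "timeout": "No reply at all: traffic is being dropped on the path "
               "or on the server itself.",
    "unreachable": "Local stack or a router reported no route to the host.",
}

def probe_tcp(host, port=TACACS_PORT, timeout=3.0):
    """Attempt one TCP handshake and return (state, hint)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except (socket.timeout, TimeoutError):
        state = "timeout"
    except OSError:
        # e.g. EHOSTUNREACH / ENETUNREACH
        state = "unreachable"
    return state, HINTS[state]

if __name__ == "__main__":
    # Usage: python probe.py <server-ip> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else TACACS_PORT
    state, hint = probe_tcp(target, port)
    print(f"{target}:{port} -> {state}: {hint}")
```

Run from a host on the same segment as the router, a "refused" result points at the server itself rather than the path, which matches the telnet output quoted in the thread.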
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART