Re: AAA authentication

From: Luca Hall (lhall@setnine.com)
Date: Fri Jun 20 2008 - 10:55:10 ART

• Next message: gopal.x.gupta@jpmorgan.com: "Re: Redistribution between rip and ospf"
• Previous message: George Roman: "Re: Redistribution between rip and ospf"
• Maybe in reply to: Tim: "AAA authentication"
• Next in thread: Sadiq Yakasai: "Re: AAA authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

just because the aaa box is up dosent mean radius/tacacs is running on it
which is what its telling you with the debug message:
"AAA authentication server not accessible"
id make sure aaa is running and you have the ports correct on the server
and the router (old 1812 vs new 1645). netstat -na on your aaa box then
nmap the ports radius/tacacs is running on to make sure you can access it.

----- Original Message -----
From: Tim <ccie2be@nyc.rr.com>
To: 'Cisco certification' <ccielab@groupstudy.com>, security@groupstudy.com
Sent: Fri, 20 Jun 2008 09:33:12 -0400 (EDT)
Subject: AAA authentication

Hey guys,
 
This is driving me batty.
 
I setup aaa authen but it's failing.
 
Here's the debug output:
 
%PIX-6-113014: AAA authentication server not accessible : server =
10.0.0.100 : <----- NOT TRUE, see ping below.
 user = cisco123

%PIX-6-109006: Authentication failed for user 'cisco123' from
183.1.19.12/2811 t
o 183.1.19.100/80 on interface inside

%PIX-6-302014: Teardown TCP connection 9230 for inside:10.0.0.100/49 to NP
Ident
ity Ifc:183.1.19.9/1048 duration 0:00:01 bytes 96 TCP FINs

%PIX-6-302014: Teardown TCP connection 9227 for outside:183.1.19.100/80 to
insid
e:183.1.19.12/2811 duration 0:00:59 bytes 135 TCP FINs

%PIX-6-302013: Built outbound TCP connection 9231 for
outside:183.1.19.100/80 (1
83.1.19.100/80) to inside:183.1.19.12/2834 (183.1.19.12/2834)

%PIX-6-109001: Auth start for user '???' from 183.1.19.12/2834 to
183.1.19.100/8
0

%PIX-6-302013: Built outbound TCP connection 9232 for inside:10.0.0.100/49
(10.0
.0.100/49) to NP Identity Ifc:183.1.19.9/1049 (183.1.19.9/1049)

 
 
PIX(config)# ping 10.0.0.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.100, timeout is 2 seconds:

!!!!!
 
Why would the debug say "AAA authen server not accessible when it is?
 
I thought maybe the shared key wasn't correct or maybe the ip addresses
weren't correct but I checked them and they're all correct.
 
Thanks, Tim

• Next message: gopal.x.gupta@jpmorgan.com: "Re: Redistribution between rip and ospf"
• Previous message: George Roman: "Re: Redistribution between rip and ospf"
• Maybe in reply to: Tim: "AAA authentication"
• Next in thread: Sadiq Yakasai: "Re: AAA authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:22 ART