Re: ASA 5520 failover exec mate command

From: Fabian Pucciarelli <fabiangp_at_gmail.com>
Date: Thu, 12 Aug 2010 11:55:00 -0600

Thanks for the quick reply. I'll give it a try. So you think the standby
unit is sourcing the TACACS request from the internal IP? I still don't
understand why it looks for enable_1 in the local database.

Fabian

On Thu, Aug 12, 2010 at 11:40 AM, Ryan West <rwest_at_zyedge.com> wrote:

> Fabian,
>
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
> > Behalf Of Fabian Pucciarelli
> > Sent: Thursday, August 12, 2010 1:35 PM
> > To: Cisco certification
> > Subject: ASA 5520 failover exec mate command
> >
> > Hi experts,
> > I have 2 ASA 5520 configured on failover mode and authentication TACACS. I
> > cannot find a way to execute commands on the standby unit using my TACACS
> > login. For example:
> >
> > DURHAM(config)# failover exec mate sh ver
> > Fallback authorization. Username 'enable_1' not in LOCAL database
> >
> > Is there a way to change this behavior so commands sent from the active unit
> > to the standby units are executed under a different username? The only way
> > I've found to make this work is to add the enable_1 user to my local database.
> >
>
> Try adding the standby ASA internal / external IP to your TACACS+ server.
> Using an ACS backend (any TACACS+ will work), I'm able to issue commands
> on the slave ASA.
>
> -ryan
>

-- 
Regards,
Fabian Pucciarelli
Received on Thu Aug 12 2010 - 11:55:00 ART
