RE: ASA 5520 failover exec mate command

From: Fabian Pucciarelli [mailto:fabiangp_at_gmail.com]
Sent: Thursday, August 12, 2010 1:55 PM
To: Ryan West; Cisco certification
Subject: Re: ASA 5520 failover exec mate command

Thanks for the quick reply. I'll give it a try, so you think the standby unit
is sourcing the tacacs request from the internal ip? I still don't understand
why it looks for enable_1 in the local database.

Fabian

I didn't have a reference to the ACS setup, like how it's configured or where
it's located. Since the configs are replicated and assuming you have
standby's enabled, it seems to be failing authentication and trying to fall
back to local. Do you have a similar AAA command on your ASA?

aaa authentication enable console <tacacs_group> LOCAL

Can you try adding the standby address of your ASA to the TACACS server and
posting your relevant AAA configs?

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 12 2010 - 18:02:01 ART