Cisco Systems Servers Server User Manual


 
Appendix A Troubleshooting Information for Cisco Secure ACS
PIX Firewall Issues
A-16
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
PIX Firewall Issues
User Authentication Issues
Condition Recovery Action
Remote administrator cannot
bring up Cisco Secure ACS from
his or her browser or receives a
warning that access is not
permitted.
If Network Address Translation is enabled on the PIX Firewall,
administration through the firewall cannot work.
To administer Cisco Secure ACS through a firewall, you must
configure an HTTP port range in System Configuration: Access
Policy. The PIX Firewall must be configured to permit HTTP traffic
over all ports included in the range specified in Cisco Secure ACS.
For more information, see Access Policy, page 10-10.
Condition Recovery Action
After the administrator removes
the Check NT Callback setting
from External User Databases:
Database Configuration:
Windows NT/2000:
Configuration,
Windows NT/2000 database
users can still dial in and apply
the Callback string configured
under the Windows NT/2000
user database.
Restart the Cisco Secure ACS services.
Callback is not working. Ensure that callback works on the AAA client using local
authentication. Then add AAA authentication.
User authentication fails when
using PAP.
Outbound PAP is not enabled. If the Failed Attempts report shows
that you are using outbound PAP, go to Interface Configuration and
select the Per-User Advanced TACACS+ Features check box.
Then, go to User Setup: Advanced TACACS+ Settings. Click
TACACS+ Enable Control and type and confirm the password in
the TACACS+ Outbound Password box.