Guest

Preview Tool

Cisco Bug: CSCuw26653 - ASA management VRF routing table not used for Tacacs and Radius packets

Last Modified

Aug 31, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.5(1)

Description (partial)

Symptom:
ASA running code 9.5.1 does send Tacacs and Radius packets to AAA Server based on Management VRF routing table only if "management-access" statement is not configured matching the same management interface.

Conditions:
> ASA running code 9.5.1
> aaa-server statements matching the management interface
> "management-access" <management-nameif> configured on ASA

Related Community Discussions

TACACS+ Problem on Management Interface After ASA Upgrade
Hi Guys, We recently upgraded our ASA to 9.5.2 to allow us to have a separate routing table for the management interface, and allow us to reach the TACACS server through this interface. We currently have ACS for TACACS. After upgrade, we are no longer able to authenticate through TACACS and we are receiving a timeout error after a bit: test aaa-server authentication TACACS+  Server IP Address or name: 172.16.36.36 Username: test Password: ************* INFO: Attempting Authentication test to IP address ...
Latest activity: Aug 13, 2016
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.