For the last several days we have been trying to get a NetScreen SSG-140 firewall running 6.1.r4 code to use the Cisco ACS for admin authentication. The Cisco ACS is running ver. 4.2.
We tried both radius and tacacs but neither is working.
Based on some of the debug output, we can verify the shared secret is correct and the port number is correct (1645); we also tried 1812 for RADIUS.
The event log shows:
system warn 00518 Admin user test-rad has been rejected via the Radius server at nnn.nnn.nnn.nnn.
Unfortunately, the Cisco ACS is not much help when it comes to debug results.
Firewall parameters are below.
set auth-server "Radius-NS" id 1
set auth-server "Radius-NS" server-name "Radius-test"
set auth-server "Radius-NS" account-type admin
set auth-server "Radius-NS" radius secret "ETn45MCAN2IOvksoXaCLUKoS1on8zhLZ/A=="
set auth-server "tacacs" id 2
set auth-server "tacacs" server-name "tacacs-test"
set auth-server "tacacs" account-type admin
set auth-server "tacacs" type tacacs
set auth-server "tacacs" tacacs secret "E/S+2g9UNe1eRNsyxvCQNnClkgneezrbAA=="
set auth-server "tacacs" tacacs port 1645
set admin auth server "tacacs"
set admin auth remote primary
set admin auth remote root
Any thoughts on what can be causing this?
We have tried various changes in the ACS to no avail.
We tried IETF; we loaded the .ini file for the Juniper dictionary.
Nothing seems to matter.
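As an added example (not code from the original post, nor from Juniper or Cisco), this Python builds a RADIUS Access-Request the way the firewall does and checks the Response Authenticator on the reply that comes back from the ACS, which is the one offline check that separates a shared-secret mismatch from a policy reject like the one in the event log above. It assumes RFC 2865 packet layout on the ports the post mentions (1812 or 1645) and uses a constructed shared secret and a constructed reply instead of a live server.

```python
import hashlib
import hmac
import os
import struct

# Constructed secret for the demo; the post's real shared secret is not reproduced here.
SECRET = b"constructed-secret"
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def _attr(atype: int, value: bytes) -> bytes:
    # RADIUS attribute is Type, Length (including this 2-byte header), Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def encrypt_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(username: bytes, password: bytes, secret: bytes,
                         ident: int = 1, authenticator: bytes = None) -> bytes:
    # Request Authenticator must be a fresh random 16 bytes; fixed only for testing
    authenticator = authenticator or os.urandom(16)
    attrs = _attr(1, username) + _attr(2, encrypt_user_password(password, secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def build_reply(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    # RFC 2865 section 3: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    # A reply whose authenticator verifies came from a server holding the same secret,
    # even when that reply is an Access-Reject
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False
    expected = build_reply(code, ident, reply[20:], request_auth, secret)[4:20]
    return hmac.compare_digest(expected, reply[4:20])

def classify(reply: bytes, request_auth: bytes, secret: bytes) -> str:
    # Turn the raw reply into the diagnosis a firewall admin actually needs
    if not verify_reply(reply, request_auth, secret):
        return "bad-authenticator (shared secret mismatch or forged reply)"
    return {ACCESS_ACCEPT: "accept",
            ACCESS_REJECT: "reject (secret OK, denied by server policy)"}.get(reply[0], "other")
```

A reply that verifies but is still an Access-Reject means the secret and port are fine and the decision was made by the server's user, group or attribute policy; a reply that fails the check (or never arrives) points at the secret or the NAS definition instead.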