Forum Discussion
TACACS(ACS) -> Remote IP not logging in ACS from F5
F5 is not forwarding the remote IP to Cisco ACS (TACACS). I have certain policies set based on Remote IP at ACS. Since the Remote IP is not logged, these policies don't match. Is there any workaround/solution to this?
- Samir_Jha_52506
Noctilucent
@Raghunaath, are you not able to log in to the F5 device via remote ACS?
- Was it working earlier and suddenly stopped working?
- Did you check the route?
- Capture the packet via root and check if there is any other issue.
Let us know if you have any questions. Happy to help.
- Raghunaath_3029
Nimbostratus
@f5_rock, Thanks for your reply.
The policies at ACS were defined recently (based on the Remote IP -> call it an ACL), and after that everything stopped working. Note: If I remove the policy in ACS everything will be back to normal, but I don't want to do that. We have a considerable number of F5s in our lab, which behave uniquely. None of the F5s is sending the actual remote IP (the IP where the actual request is coming from) to ACS. I don't see Remote IP set in the payload from the capture (did this by enabling the debug).
- Samir_Jha_52506
Noctilucent
I believe you need to add a management route to the device; then remote authentication will start working. Are you able to ping the remote server?
- Raghunaath_3029
Nimbostratus
Management route is in place and is reachable.
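
The check mentioned in the thread (looking for the Remote IP in the captured TACACS+ payload) can be done offline on a captured packet. The following is an added example, not code from any poster or from F5 or Cisco: it decodes a TACACS+ authentication START packet per RFC 8907 and returns the `rem_addr` field that a Remote IP policy would match on. The function names, the shared secret and the sample packets are constructed for illustration.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    # RFC 8907 body obfuscation: chained MD5 over session_id, key, version, seq_no
    seed = session_id + key + bytes([version, seq_no])
    pad = block = b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def build_authen_start(user, port, rem_addr, key, session_id=b"\x00\x00\x30\x39"):
    # Constructed sample packet (ASCII login), standing in for a captured one
    body = struct.pack("!8B", 1, 1, 1, 1, len(user), len(port), len(rem_addr), 0)
    body += user + port + rem_addr
    pad = pseudo_pad(session_id, key, 0xC0, 1, len(body))
    body = bytes(a ^ b for a, b in zip(body, pad))
    return struct.pack("!BBBB4sI", 0xC0, 1, 1, 0, session_id, len(body)) + body

def parse_authen_start(packet, key):
    # Header: version, type, seq_no, flags, session_id, body length
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBB4sI", packet[:12])
    if ptype != 1 or seq_no != 1:
        raise ValueError("not an authentication START packet")
    body = packet[12:12 + length]
    if len(body) != length or length < 8:
        raise ValueError("truncated packet")
    if not flags & 0x01:  # unencrypted flag clear, so undo the obfuscation
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(a ^ b for a, b in zip(body, pad))
    ulen, plen, rlen, dlen = body[4:8]  # user, port, rem_addr, data lengths
    if 8 + ulen + plen + rlen + dlen != length:
        raise ValueError("field lengths do not add up: wrong shared secret?")
    user = body[8:8 + ulen]
    port = body[8 + ulen:8 + ulen + plen]
    rem_addr = body[8 + ulen + plen:8 + ulen + plen + rlen]
    return {"user": user.decode(), "port": port.decode(), "rem_addr": rem_addr.decode()}

if __name__ == "__main__":
    key = b"constructed-secret"  # constructed shared secret
    for rem in (b"", b"192.0.2.10"):  # client that omits rem_addr vs. one that sends it
        print(parse_authen_start(build_authen_start(b"admin", b"ssh", rem, key), key))
```

An empty `rem_addr` in the decoded output means the client sent a zero-length field, so a server-side policy keyed on Remote IP has nothing to compare against.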