Cisco ASA - Assume Timeout Period For TACACS?

So I was just on an ASA, doing some TACACS work, so that basically I could authenticate to the firewall using a Cisco ACS server. When I tried to authenticate to the box, there was a pause after I entered the password, and then it did not authenticate me. Ok, so I later (30 seconds later) figured out it was another firewall near my ACS server blocking TACACS traffic. So I implemented a rule on it to allow TACACS traffic through. I then went to authenticate to the firewall again, and it INSTA denied me after I input my username/password. Almost like it assumed the TACACS server was unavailable. I then waited about 5-10 minutes and tried again, and it worked! So I am wondering, is there a timeout period after a failed ASA-to-ACS server authentication (where maybe the firewall couldn't reach the ACS server), and just causes the secondary method of authentication to INSTA kick in (e.g., local authentication)?
