equivalent command for "ip tacacs source-interface" on ASA

From CCIE networking & linux

When we create separate TACACS groups for each device type (e.g. routers, switches, firewalls), it is important to use the command

 "ip tacacs source-interface LoopbackX/Y"  

so that TACACS requests originate from the management address. Because the Cisco ACS server makes some checks based on the originating subnet, we have to ensure that the message arrives with the right source IP address. But what do we do on the Cisco ASA firewall? I have an extra management interface directly in the management network; its name is management:

 interface Management0/0
  nameif management
  security-level 100
  ip address

I would like to use this interface in my configuration. These are the TACACS commands on the ASA. Instead of management, you could use inside, dmz, or whichever interface you like. TACACS+ is the name of the object that represents the TACACS server.

 aaa-server TACACS+ (management) host
  timeout 5
  key Password-lala
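
To check a saved ASA configuration for this setting, here is an added example (not part of the original page): a small Python audit that flags every aaa-server host that is not bound to the management interface name, or that references an interface name defined nowhere in the config. The sample configuration, its addresses and the function name `audit_aaa_source` are constructed for illustration.

```python
import re

# Constructed sample ASA configuration (documentation addresses, not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 198.51.100.10 255.255.255.0
!
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (management) host 198.51.100.50
 timeout 5
 key Password-lala
aaa-server TACACS+ (inside) host 198.51.100.51
 timeout 5
aaa-server TACACS+ (mgmt) host 198.51.100.52
"""

NAMEIF_RE = re.compile(r"^\s+nameif\s+(\S+)\s*$")
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\((\S+?)\)\s+host\s+(\S+)")

def audit_aaa_source(config, expected="management"):
    """Return (group, interface, host, problem) for each aaa-server host
    that is not bound to the expected management interface name."""
    nameifs, hosts = set(), []
    for line in config.splitlines():
        m = NAMEIF_RE.match(line)
        if m:
            nameifs.add(m.group(1))      # interface names defined via nameif
            continue
        m = HOST_RE.match(line)
        if m:
            hosts.append(m.groups())     # (server group, interface, host)
    findings = []
    for group, ifname, host in hosts:
        if ifname not in nameifs:
            findings.append((group, ifname, host, "interface name not defined"))
        elif ifname != expected:
            findings.append((group, ifname, host, "not sourced from " + expected))
    return findings

if __name__ == "__main__":
    for finding in audit_aaa_source(SAMPLE_CONFIG):
        print(finding)
```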

Martin Satara