- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.
07-09-2024 12:57 PM
admin@PA-(active)> test authentication authentication-profile ISE-TACACS username XXXX password
Enter password :
Target vsys is not specified, user "XXXX" is assumed to be configured with a shared auth profile.
Do allow list check before sending out authentication request...
name "XXXX" is in group "all"
Authentication to TACACS+ server at '172.31.100.11' for user 'XXXX'
Server port: 49, timeout: 3, flag: 0
Egress: 172.31.129.9
Attempting CHAP authentication ...
CHAP authentication request is created
Sending credential: xxxxxx
Failed to send CHAP authentication request: Network read error: Connection reset by peer
Returned status: -1
Authentication/authorization failed against TACACS+ server at 172.31.100.11:49 for user XXXX
Authentication/authorization failed for user "XXXX"
07-09-2024 07:06 PM
Have you run a debug on ISE and verified things from that side of things. The reset in your test would indicate that ISE hasn't had a network device added to account for the firewall sending requests.
07-10-2024 09:53 AM
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMYmCAO
I followed the steps from the article above. Now, I can log in successfully, but after logging in, the WebUI tries to load and then kicks me back to the login page.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!