equivalent command for "ip tacacs source-interface" on ASA

From CCIE networking & linux

When we create separate TACACS groups for each device type (e.g. routers, switches, firewalls), it is important to use the command

 ip tacacs source-interface LoopbackX/Y

so that TACACS requests originate from the management address. Because the Cisco ACS server makes some checks based on the originating subnet, we have to ensure that the message arrives with the right source IP address. But what do we do on the Cisco ASA firewall? I have an extra management interface directly in the management network 10.10.10.0/24; its name is management.

 interface Management0/0
  nameif management
  security-level 100
  ip address 10.10.10.201 255.255.255.0

I would like to use this interface in my configuration. These are the TACACS commands on the ASA. Instead of management, you could use inside, dmz, or whichever interface you like. TACACS+ is the name that represents the TACACS server object.

 aaa-server TACACS+ protocol tacacs+
 aaa-server TACACS+ (management) host 10.10.10.1
  timeout 5
  key Password-lala
 !
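A way to check a saved ASA configuration against the subnet the ACS server expects, as an added example that is not part of the original page. It assumes, as described above, that the ASA sources TACACS requests from the address of the interface named in parentheses; the sample configuration, the function names and the second server entry are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config, modelled on the snippets above (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.10.10.201 255.255.255.0
!
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (management) host 10.10.10.1
 timeout 5
aaa-server TACACS+ (inside) host 10.10.10.2
"""

def interface_addresses(config):
    """Map each nameif to the IPv4 address configured on that interface."""
    addrs, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # new interface block, nameif not seen yet
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+ip address (\S+)", line)) and name:
            addrs[name] = ipaddress.ip_address(m.group(1))
    return addrs

def audit_tacacs_sources(config, allowed_subnet):
    """Return (group, nameif, source_ip, ok) for every aaa-server host line."""
    net = ipaddress.ip_network(allowed_subnet)
    addrs = interface_addresses(config)
    results = []
    for m in re.finditer(r"^aaa-server (\S+) \((\S+)\) host (\S+)", config, re.M):
        group, nameif, _server = m.groups()
        src = addrs.get(nameif)  # None if the interface has no address
        results.append((group, nameif, src, src is not None and src in net))
    return results

if __name__ == "__main__":
    for group, nameif, src, ok in audit_tacacs_sources(SAMPLE_CONFIG, "10.10.10.0/24"):
        print(f"{group} via {nameif}: source {src} -> {'OK' if ok else 'MISMATCH'}")
```

The entry bound to inside is flagged because its source address, 192.168.1.1, lies outside the management subnet that the ACS check is keyed on.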
Martin Satara