A problem when authenticating ASA via Radius

ales.simr

Dear all,

Please give me a hand. I have a problem when authenticating across an ASA 5520 via RADIUS to an ACS appliance 4.0 via VPN. I need to configure secure authentication and NAC for VPN remote users. It just doesn't work, but it works when using TACACS+, so all the connection seems to be ok, as ACS successfully authenticates a remote VPN user via MS AD when using TACACS+. But I have read that I can't use NAC when using TACACS+, am I right? Logs on the ASA and ACS indicate a problem with the shared key, but I have already double-checked the key on both sides, the IP address is the correct one on the ASA, and I have also tried all possible RADIUS methods on the ASA. Any idea where the problem could be?

1 Accepted Solution


Premdeep Banga

Hi,

As you are using ACS 4.0, make sure that if the AAA client entry for the ASA that you have created on ACS is under an NDG, there is no key set at the NDG level.

The other way is to move the ASA client entry (as RADIUS) on ACS to the (Not Assigned) NDG.

Regards,

Prem
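The symptom in the question (both the ASA and ACS complaining about the shared key) follows directly from how RADIUS uses the secret. The following is an added illustration, not code from the thread or from Cisco: a toy, offline implementation of RFC 2865 User-Password hiding and the Response Authenticator, with a NAS side and a server side that can be given different secrets. The function names, the secret strings, the sample account `vpnuser`, and the fixed Request Authenticator are all constructed for the example; a real NAS draws a fresh random authenticator per request, and real deployments also carry a Message-Authenticator attribute and run over UDP, neither of which is modelled here.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes and the few attribute types this toy uses (RFC 2865).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4

# Constructed, fixed Request Authenticator so the example is reproducible;
# a real NAS draws 16 fresh random bytes for every request.
FIXED_REQUEST_AUTHENTICATOR = bytes(range(0xA0, 0xB0))


def encode_attr(attr_type, value):
    """TLV: type (1 byte), length including the 2-byte header, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(data):
    """Return {type: value} for the attribute section of a packet."""
    attrs, i = {}, 0
    while i + 2 <= len(data):
        attr_type, attr_len = data[i], data[i + 1]
        if attr_len < 2 or i + attr_len > len(data):
            raise ValueError("malformed attribute")
        attrs[attr_type] = data[i + 2:i + attr_len]
        i += attr_len
    return attrs


def hide_password(password, secret, request_authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    target = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(target, b"\x00")
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_authenticator):
    """Inverse of hide_password; NUL padding is stripped (passwords ending in NUL unsupported)."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out, prev = out + bytes(a ^ b for a, b in zip(block, mask)), block
    return out.rstrip(b"\x00")


def build_access_request(username, password, secret, nas_ip, identifier=1,
                         request_authenticator=FIXED_REQUEST_AUTHENTICATOR):
    """NAS side: the secret is only used to hide User-Password here."""
    attrs = (encode_attr(ATTR_USER_NAME, username)
             + encode_attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_authenticator))
             + encode_attr(ATTR_NAS_IP_ADDRESS, nas_ip))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_authenticator + attrs


def build_response(code, request, secret, attrs=b""):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    response_authenticator = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + response_authenticator + attrs


def verify_response(response, request, secret):
    """NAS side: recompute the Response Authenticator under its own secret."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def server_handle(request, secret, userdb):
    """Server side: recover User-Password under the secret configured for this client, then decide."""
    code, _identifier, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        return build_response(ACCESS_REJECT, request, secret)
    attrs = parse_attrs(request[20:])
    username = attrs.get(ATTR_USER_NAME, b"")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request[4:20])
    decision = ACCESS_ACCEPT if userdb.get(username) == password else ACCESS_REJECT
    return build_response(decision, request, secret)


def simulate(nas_secret, server_secret):
    """One exchange; returns (server decision, whether the NAS accepts the reply as authentic)."""
    userdb = {b"vpnuser": b"Correct-Horse-1"}  # constructed sample account
    request = build_access_request(b"vpnuser", b"Correct-Horse-1", nas_secret,
                                   nas_ip=bytes([10, 0, 0, 1]))
    response = server_handle(request, server_secret, userdb)
    decision = "accept" if response[0] == ACCESS_ACCEPT else "reject"
    return decision, verify_response(response, request, nas_secret)


if __name__ == "__main__":
    print("matching keys:", simulate(b"asa-acs-key", b"asa-acs-key"))
    print("key mismatch: ", simulate(b"asa-acs-key", b"ndg-level-key"))
```

With matching secrets the server accepts and the NAS validates the reply. With a mismatch, as when ACS resolves the client's key from an NDG instead of the AAA client entry, the server recovers garbage from User-Password and rejects, and the NAS cannot validate the Response Authenticator of whatever comes back, so both ends log a failure that looks like a bad key. On an ASA, `test aaa-server authentication <server-tag> host <ip> username <u> password <p>` drives exactly this exchange from the CLI without involving a VPN client, which isolates the key problem from the NAC or tunnel-group configuration.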


Sir,

Thank you very much. Your advice has solved my problem. Even though it is quite stupid that I had to remove my ASA device from the NDG to Not Assigned ... it works now :-)

But unfortunately I have another problem now. Authentication works correctly across ASA, ACS and MS AD, but in the ACS log (I mean Passed Attempts) I can see that NAC doesn't work. The authentication just doesn't receive any posture token, so nothing happens, even though 802.1X posture validation works in the normal LAN. I have cross-checked the ASA configuration, NAC is enabled there ... I tried to use another profile, NAC L3, but it looks like the ASA ignores it. The ACS log shows me using the DOT1X profile, or nothing when I turn off the DOT1X profile.

Don't you know where the problem could be?