Cisco Clients can authenticate using RADIUS but Clientless SSL users can't

Jul 25th, 2008

Hi,


I am using a Cisco ASA 5520. Cisco VPN Clients can authenticate using RADIUS, but Clientless SSL users can't. I am using the ASDM; where do I need to check?


I can also use the CLI if needed.


Thanks

JORGE RODRIGUEZ Fri, 07/25/2008 - 09:53

Andy,


Are you using ACS for RADIUS or MS IAS? If using ACS, see this link to double-check your WebVPN tunnel config.


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c18ff.shtml


In the link above you can test RADIUS from within ASDM for the WebVPN tunnel profile; try testing it from the ASA ASDM.


Last but not least, look at the firewall logs. If your config seems correct you may need to debug; see the link for more details. If no joy, post the output of the debug.


ciscoasa#debug radius



Rgds

Jorge

whiteford Fri, 07/25/2008 - 10:08

Hi,


I'm using MS IAS, and it's working well for my Cisco Client VPNs on the same ASA, and at one point I managed to lock my Windows Active Directory account out, so it must have contacted the IAS server at some point.


I've only turned on Clientless SSL VPN today, I've never used it before, but the strange thing is I can log in using my SSH/ASDM username and password (local). Does this help? Not sure which area to look at in the ASDM or CLI.


Thanks for your time.

craig.eyre Fri, 08/29/2008 - 10:09

Hi,



Have you done this yet?


Once you have configured the AAA server group and server, navigate to Configuration/Remote Access VPN/Clientless SSL VPN Access/ Connection Profiles in order to configure WebVPN to use the new AAA configuration.


Choose the profile for which you want to configure AAA, and click Edit.


Under Authentication choose the RADIUS server group that you created earlier. Click OK when finished.


Testing


Verify your RADIUS configuration with the Test button on the AAA Server Groups configuration screen. Once you supply a username and password, this button allows you to send a test authentication request to the ACS server.


Choose Configuration/Remote Access VPN/AAA Setup/AAA Server Groups.


Select your desired AAA Server group in the top pane.


Select the AAA server that you want to test in the lower pane.


Click the Test button to the right of the lower pane.


In the window that appears, click the Authentication radio button, and supply the credentials with which you want to test. Click OK when finished.



HTH



Craig
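
The ASDM steps above have a CLI equivalent, shown here as an added example that is not part of any post in this thread. It assumes the clientless users land on the default connection profile DefaultWEBVPNGroup; RADIUS_GRP, 192.0.2.10, the interface name and the bracketed values are placeholders.

```cisco
! Added example with constructed values: RADIUS_GRP, 192.0.2.10, (inside),
! <shared-secret>, <user> and <password> are placeholders, not from the thread.
!
! --- Privileged EXEC: see which AAA group each connection profile uses ---
! A profile with no authentication-server-group line falls back to the
! default, LOCAL, so only usernames defined on the ASA itself are accepted.
show running-config aaa-server
show running-config tunnel-group
show running-config all tunnel-group
!
! --- Global configuration: define the RADIUS group if it does not exist ---
aaa-server RADIUS_GRP protocol radius
aaa-server RADIUS_GRP (inside) host 192.0.2.10
 key <shared-secret>
 exit
!
! --- Bind the clientless SSL VPN connection profile to that group ---
! Assumption: clientless users use the default profile. Substitute the
! profile name shown by "show running-config tunnel-group" if different.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group RADIUS_GRP
 exit
!
! --- Privileged EXEC: CLI counterpart of the ASDM Test button ---
test aaa-server authentication RADIUS_GRP host 192.0.2.10 username <user> password <password>
!
! --- Watch the RADIUS exchange during a clientless login, then stop ---
debug radius
undebug all
```

If `debug radius` prints nothing while a clientless login fails, no request left the ASA for that profile, which points at the connection profile's authentication setting rather than at the RADIUS server.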
