
Cisco Clients can authenticate using RADIUS but Clientless SSL users can't

whiteford
Level 1

Hi,

I am using a Cisco ASA 5520. Cisco VPN Clients can authenticate using RADIUS, but Clientless SSL users can't. I am using the ASDM; where do I need to check?

I can also use the CLI if needed.

Thanks

3 Replies

JORGE RODRIGUEZ
Level 10

Andy,

Are you using ACS for RADIUS or MS IAS? If using ACS, see this link to double-check your WebVPN tunnel config.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c18ff.shtml

In the link above you can test RADIUS from within ASDM for the WebVPN tunnel profile; try testing it from the ASA ASDM.

Last but not least, look at the firewall logs. If your config seems correct you may need to debug; see the link for more details. If no joy, post the output of the debug.

ciscoasa#debug radius

Rgds

Jorge

Jorge Rodriguez

Hi,

I'm using MS IAS, and it's working well for my Cisco Client VPNs on the same ASA, and at one point I managed to lock my Windows Active Directory account out, so it must have contacted the IAS server at some point.

I've only turned on Clientless SSL VPN today, I've never used it before, but the strange thing is I can log in using my SSH/ASDM username and password (local). Does this help? Not sure which area to look at in the ASDM or CLI.

Thanks for your time.

Hi,

Have you done this yet?

Once you have configured the AAA server group and server, navigate to Configuration/Remote Access VPN/Clientless SSL VPN Access/Connection Profiles in order to configure WebVPN to use the new AAA configuration.

Choose the profile for which you want to configure AAA, and click Edit.

Under Authentication choose the RADIUS server group that you created earlier. Click OK when finished.

Testing

Verify your RADIUS configuration with the Test button on the AAA Server Groups configuration screen. Once you supply a username and password, this button allows you to send a test authentication request to the ACS server.

Choose Configuration/Remote Access VPN/AAA Setup/AAA Server Groups.

Select your desired AAA Server group in the top pane.

Select the AAA server that you want to test in the lower pane.

Click the Test button to the right of the lower pane.

In the window that appears, click the Authentication radio button, and supply the credentials with which you want to test. Click OK when finished.

HTH

Craig
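
The connection-profile check described in this thread, as an added example that is not part of any poster's reply or of Cisco's documentation: it reads `show running-config tunnel-group` output and reports which AAA server group each connection profile authenticates against. The profile names, the server group name IAS_RADIUS and the sample configuration are constructed; the script assumes the ASA default that a profile with no `authentication-server-group` line authenticates against LOCAL, and that unmodified default profiles do not appear in the running configuration.

```python
import re

# Constructed sample of `show running-config tunnel-group` output (not from the thread).
SAMPLE_CONFIG = """\
tunnel-group VPNCLIENTS type remote-access
tunnel-group VPNCLIENTS general-attributes
 address-pool vpnpool
 authentication-server-group IAS_RADIUS
tunnel-group VPNCLIENTS ipsec-attributes
 pre-shared-key *
tunnel-group SSLPORTAL type remote-access
tunnel-group SSLPORTAL general-attributes
 default-group-policy SSLPOLICY
tunnel-group SSLPORTAL webvpn-attributes
 group-alias portal enable
"""

HEADER = re.compile(r"^tunnel-group (\S+) (type \S+|\S+-attributes)\s*$")
AUTH = re.compile(r"^\s+authentication-server-group (?:\(\S+\) )?(\S+)")

def auth_groups(config, defaults=("DefaultWEBVPNGroup", "DefaultRAGroup")):
    """Map each connection profile to its AAA server group (LOCAL if none is set)."""
    groups = {name: "LOCAL" for name in defaults}  # assumed defaults, absent unless modified
    current, section = None, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current, section = m.group(1), m.group(2)
            groups.setdefault(current, "LOCAL")
            continue
        if not line.startswith(" "):
            current = None  # left the tunnel-group block
            continue
        a = AUTH.match(line)
        if a and current and section == "general-attributes":
            groups[current] = a.group(1)
    return groups

def local_only(config):
    """Profiles that accept only usernames defined locally on the ASA."""
    return sorted(n for n, g in auth_groups(config).items() if g == "LOCAL")

if __name__ == "__main__":
    for name, group in sorted(auth_groups(SAMPLE_CONFIG).items()):
        print(f"{name:20} {group}")
```

A profile listed by `local_only` matches the symptom reported above, where the clientless portal accepts the local SSH/ASDM account but not RADIUS users.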
