ASA and ACS 5.0 Radius Group

Unanswered Question
Jul 6th, 2009


Following this note, I am trying to assign an ASA group policy through our ACS. The only difference is ACS v5.

I correctly set ACS to send the ou=group in the IETF[25] Class attribute. But debugging RADIUS on the ASA, I see the following arriving and not the ou=group:

    Radius: Type = 25 (0x19) Class
    Radius: Length = 22 (0x16)
    Radius: Value (String) =
    41 43 53 30 31 2f 33 34 31 31 36 39 35 39 2f 38 | ACS01/34116959/8
    38 35 35 38 | 8558

Has anyone experienced the same and have a solution?
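
The Class value in the debug output above can be decoded and checked mechanically. The following Python is an added example, not part of the original post: it walks RADIUS attribute TLVs (Type, Length, Value as defined in RFC 2865) and reports whether each Class (25) value has the ou=<group> form. The `VPNUsers` group name and the optional trailing `;` are assumptions.

```python
# Added example: decode RADIUS attribute TLVs and inspect Class (25) values.
CLASS = 25

# Constructed input: type 0x19, length 0x16, then the 20 value bytes
# copied from the hex dump in the ASA debug output.
DEBUG_ATTR = bytes.fromhex(
    "19 16 "
    "41 43 53 30 31 2f 33 34 31 31 36 39 35 39 2f 38 "
    "38 35 35 38"
)

def parse_attributes(buf):
    """Yield (type, value) for each attribute TLV; reject malformed lengths."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header at offset %d" % i)
        atype, alen = buf[i], buf[i + 1]
        # Length counts the two header bytes, so it can never be below 2,
        # and the value must fit inside the remaining buffer.
        if alen < 2 or i + alen > len(buf):
            raise ValueError("bad attribute length %d at offset %d" % (alen, i))
        yield atype, buf[i + 2:i + alen]
        i += alen

def group_from_class(value):
    """Return the group name if value looks like ou=<group>[;], else None."""
    text = value.decode("ascii", errors="replace").strip()
    if text[:3].lower() != "ou=":
        return None
    # Assumption: a trailing ';' terminator is optional and not part of the name.
    return text[3:].rstrip(";") or None

def class_report(buf):
    """List (printable value, group or None) for every Class attribute."""
    return [(v.decode("ascii", errors="replace"), group_from_class(v))
            for t, v in parse_attributes(buf) if t == CLASS]

def build_attr(atype, value):
    """Encode one attribute TLV (used for the constructed comparison case)."""
    return bytes([atype, len(value) + 2]) + value

if __name__ == "__main__":
    # Constructed comparison; "VPNUsers" is a hypothetical group name.
    expected = build_attr(CLASS, b"ou=VPNUsers;")
    for label, buf in (("observed", DEBUG_ATTR), ("expected", expected)):
        print(label, class_report(buf))
```

Because a reply may carry more than one Class attribute, `class_report` returns every occurrence, so a capture containing both kinds of value shows them side by side.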



tprendergast Mon, 07/06/2009 - 11:22

Can you please paste the contents of the IETF 25 Class variable box from the group?

Verify the user you are authenticating is a member of that group, as well, so the attribute is returned.

ccr_cisco Tue, 07/07/2009 - 01:23


Here is the RADIUS attribute box screenshot for the group. I can see in the ACS log that the user is in the group and that the correct authorization profile is applied.

Thanks for your help



I have a question for you; could you help me, please?

The problem:

We have a problem authenticating a remote access VPN (ASA 5510, version 8.2.1) with ACS 5.0 (version 5.0.21); it's not working.

When I try with ACS 4.1, the authentication works fine.

Could you tell me what your ACS and ASA versions are?

Is your system working OK?



