ASA and ACS 5.0 Radius Group

ccr_cisco · ‎07-06-2009

Hello,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

Following this note I try to assign an asa group policy through our ACS. The only difference is ACS v5.

I correctly set ACS to send the ou=group in the IETF[25] Class attribute. But debugging radius on asa i see the following arriving and not the ou= group :

Radius: Type = 25 (0x19) Class

Radius: Length = 22 (0x16)

Radius: Value (String) =

41 43 53 30 31 2f 33 34 31 31 36 39 35 39 2f 38 | ACS01/34116959/8

38 35 35 38 | 8558

Does someone experienced the same and have a solution ?

Thanks

Regards

tprendergast · ‎07-06-2009

Can you please paste the contents of the IETF 25 Class variable box from the group?

Verify the user you are authenticating is a member of that group, as well, so the attribute is returned.

ccr_cisco · ‎07-07-2009

Hello,

Here is the radius attribute box screenshot for the group. I can see on the ACS log that the user is on the group and that the good authorization profile is applied.

Thanks for your help

Regards

mmunozrosas · ‎09-24-2009

Hi,

I have a question for you, you could help me please?

The problem:

we have a problem for authentication a remote access VPN (ASA 5510, version 8.2.1) with ACS 5.0 (version 5.0.21), but its not working.

When I try with ACS 4.1, the authentication work fine.

could you tell me what is your version ACS and ASA??

your system is working ok????

Regards.

Marco