cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
575
Views
0
Helpful
2
Replies

Operability issue of ACS 5.0 as Radius with ASA ??

riteshmalpani
Level 1
Level 1

Hi ,

I am trying my VPN user to get authenticated with Radius (ACS 5.0). and VPN user database is created in AD. Now when I am trying to connect through Cisco VPN client , I am unable to do so. Infact I get a error message (through debug at ASA level for aaa and isakmp) my RADIUS server is DOWN.

Please let me know is there any compability issue with ACS 5.0 on this because All was working fine on my ACS 4.2 version.

Regards

Ritesh

1 Accepted Solution

Accepted Solutions

Jatin Katyal
Cisco Employee
Cisco Employee

Ritesh,


Yes there is a defect in ACS 5.0 with vpn authentication.

When you will try to connect with VPN client. you will not see any hits in monitoring and views.
In the ASDM logs: You will see radius server is not accessible.
Debugs will show you radius timing out.
This will work with tacacs.


Access policy rule was not matching. Also, could not use radius as hitting CSCsy17858

<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858> ; Used Tacacs+ instead of radius.

If you want to use radius then you need to upgrade your acs version to 5.1

You can down load patch 9 (5-0-0-21-9.tar.gpg ) and  ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from the below mentioned path:

Go to Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software >  5.0.0.21

Reference: ACS upgrade from version 5.0 to 5.1:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_upg.html

HTH


Regards,

JK


Do rate helpful posts-

~Jatin

View solution in original post

2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

Ritesh,


Yes there is a defect in ACS 5.0 with vpn authentication.

When you will try to connect with VPN client. you will not see any hits in monitoring and views.
In the ASDM logs: You will see radius server is not accessible.
Debugs will show you radius timing out.
This will work with tacacs.


Access policy rule was not matching. Also, could not use radius as hitting CSCsy17858

<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858> ; Used Tacacs+ instead of radius.

If you want to use radius then you need to upgrade your acs version to 5.1

You can down load patch 9 (5-0-0-21-9.tar.gpg ) and  ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from the below mentioned path:

Go to Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software >  5.0.0.21

Reference: ACS upgrade from version 5.0 to 5.1:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_upg.html

HTH


Regards,

JK


Do rate helpful posts-

~Jatin

Hi JK,

I followed the steps as guided by you to upgrade the ACS 5.0 to 5.1.

Please suggest what steps should i follow so that a vpn user on first logon should be asked for to change password.

Regards

Ritesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: