I am trying to get my VPN user authenticated with RADIUS (ACS 5.0), and the VPN user database is created in AD. Now when I try to connect through the Cisco VPN client, I am unable to do so. In fact, I get an error message (through debug at the ASA level for aaa and isakmp) that my RADIUS server is DOWN.
Please let me know if there is any compatibility issue with ACS 5.0 on this, because all was working fine on my ACS 4.2 version.
Yes, there is a defect in ACS 5.0 with VPN authentication.
When you try to connect with the VPN client, you will not see any hits in monitoring and views.
In the ASDM logs, you will see that the RADIUS server is not accessible.
Debugs will show you RADIUS timing out.
This will work with TACACS.
Access policy rule was not matching. Also, could not use RADIUS as hitting CSCsy17858
<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>; used TACACS+ instead of RADIUS.
If you want to use RADIUS, then you need to upgrade your ACS version to 5.1.
You can download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_220.127.116.11_ADE_OS_1.2_upgrade.tar.gpg) from the path mentioned below:
Go to Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 18.104.22.168
Reference: ACS upgrade from version 5.0 to 5.1:
Do rate helpful posts.