05-20-2010 04:34 AM
Good morning,
I am trying to deploy an SSL VPN in ASA 8.0, I have allow access in public interface and configured radius authentication.
I have debug radius in asa and I see authentication is OK, i also checked from asa test radius button and works for authentication but
it does not work for authorization.
I have already configured a local user in radius server.
Thanks for your help.
Best regards
Fran
Solved! Go to Solution.
05-21-2010 01:03 PM
You could possibly be hitting a license limit if a couple of sessions did not disconnect properly and you only have the default of 2 SSL licenses.. Do "show ver" to see how many webvpn licenses you have. Also try "vpn-sessiondb logoff all" to clear any existing connections.
-heather
05-25-2010 04:13 PM
P.S. If I have answered your question please mark the post as resolved and rate the responses. This helps us more easily identify which questions remain unanswered and let us know how we are doing. Thanks in advance!
05-20-2010 05:10 AM
What do you mean by it does not work for authorization?
If you just want to authenticate user to connect via SSL VPN, you do not need to configure authorization.
Please remove the authorization, and just test with authentication.
Please also make sure that you have applied the authentication-server-group for radius on the tunnel-group that you are using for SSL VPN.
05-20-2010 06:48 AM
Authentication seems to be working OK ,
I see radius server authenticates me when I type user and password.
Also checked with debug radius in ASA and passed.
But in web browser window a message appears: login failed
Any clue?
Thanks for your help
Fran
2010/5/20 halijenn
FRAN PENA MARTINEZ,
>
A new message was posted in the Discussion thread "SSL WEB VPN cannot login":
>
https://supportforums.cisco.com/message/3076323#3076323
>
Author : halijenn
Profile : https://supportforums.cisco.com/people/halijenn
>
Message:
05-21-2010 04:35 AM
I have tried even with an local user configured in ASA and same message in web browser login incorrect: login failed
I have removed all config and tried again using ssl vpn wizard, defined a local user, same problem , login failed
05-21-2010 01:03 PM
You could possibly be hitting a license limit if a couple of sessions did not disconnect properly and you only have the default of 2 SSL licenses.. Do "show ver" to see how many webvpn licenses you have. Also try "vpn-sessiondb logoff all" to clear any existing connections.
-heather
05-25-2010 04:13 PM
P.S. If I have answered your question please mark the post as resolved and rate the responses. This helps us more easily identify which questions remain unanswered and let us know how we are doing. Thanks in advance!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: