please give me a hand. I have a problem when authenticating across ASA 5520 via Radius to ACS appliance 4.0 via VPN. I need to configure secure authentication and NAC for VPN remote user. It just doesnt work but it works when using Tacacs so all the connection seems to be ok as ACS succesfully authenticate a remote VPN user via MS AD when using Tacacs. But I have read that I cant use NAC when using Tacacs, am I right? Logs on ASA and ACS indicate a problem with shared key but I have already double checked the key on both sides, IP address is the correct one on ASA and I have also tried all possible Radius methods on ASA. Any idea where could be a problem???
thank you very much. Your advice has solved my problem. Even it is quite stupid that I had to remove my ASA device from NDG to Not asssigned ... but it works now :-)
But unfortunately I have another problem now. Authentication works correctly across ASA, ACS and MS AD but in ACS log (I mean Passed attempts) I can see that NAC doesnt work. The authentication just doesnt receive any Posture token so nothing happen even DOT1X posture validation works in normal LAN. I have cross-checked ASA configuration, NAC is enabled there ... I try to use another profile, NAC L3 but it looks that ASA ignores it. ACS log shows me using DOT1X profile or nothing when I turn of DOT1X profile.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :