Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 3.2 radius

I have a problem with Cisco Secure 3.2 and external database authentication.

We use cisco secure to authenticate dialup users via tacacs and vpn users

through a checkpoint ng fp3 firewall via radius. Also we have radius athentication

to the firewall using checkpoints client authentication mechanism. My problems is with

the radius authentication. In the group settings of my cisco secure groups i have an

"ip address assignment" of "Assigned from AAA Client pool " when i try to authenticate a user

to the firewall (which passes the radius authentication request to Cisco Secure 3.2) it fails.

In this scenario i dont actually need an ip address just an authentication.However when i

set the "ip address assignment" to "No IP address assignment" it works.

Obviously i need this setting for my dialup users who get assigned an ip address. Because a user

can only belong to 1 group this setting must be set for when he/she dials in a gets an ip address.

This worked fine in 3.0(1) Build 40. I have searched cisco tac and cannot see a similiar problem

Has anyone seen this or found a work around.

CreatePlease to create content