ACS not responding to Radius Requests with empty username
I'm running a ASA5580 to terminate remote access VPN. The ASA sends Radius Requests to a ACS 5.2 for Authentication. The ACS then connects via LDAP to the ActiveDirectory to authenticate the VPN User. So far, this works fine.
But the ASA regularely marks the Radius Server as Dead (Syslog-ID 113022), and after a while, it is marked as alive again. Now, I found out that this happens when I try to connect with Anyconnect without entering a username. The ACS droppes the Request with this message: "11021 RADIUS could not decipher password. packet missing necessary attributes" and does not answer to the ASA. So the ASA believes, the ACS is dead.
Is there any solution for that? Or am I totally wrong with my findings?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...