I'm trying to implement Guest Wireless Access using NGS and ACS....
I am very close to having the solution working, but I am having one last little problem which I am hoping someone would be able to help with or at least point me in the right direction. At the moment, this is what is happening:
The client connects to the newly created “guest” SSID
When the client opens a web browser, she/he is re-directed to the Web-Authentication page stored on the NGS (for that specific SSID)
The user then goes and types his library card number and PIN code
At the moment, and for simplicity's sake, the user details are stored as local users on the ACS (have imported a CSV file onto ACS)
The NGS passes those details (library card and PIN) onto the ACS
On the ACS logs, I can actually see that the specific guest user passes authentication
And, on the firewall we can see the radius messages from the ACS to the NGS confirming user has passed authentication
However, after all the above, the end result is that the client gets a message on her/his screen saying “invalid username and password”
From the above, the problem seems to be at the NGS side but...
Not sure if it is a bug....
Or an incompatibility between NGSv2.0.3 and ACSv5.2...
Or missing configuration – found some suggestions that the client should be sending the Caller-Station-ID attribute....which, when looking on the ACS logs it is missing
The below is an output from the NGS logs....
Ready to process requests.
rad_recv: Access-Request packet from host 22.214.171.124 port 32769, id=12, length=144
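
An added example, not part of the original post and not Cisco code: a minimal RADIUS packet parser (header and attribute layout per RFC 2865) that reports whether an Access-Request like the one in the log above carries Calling-Station-Id (attribute 31, which the post refers to as Caller-Station-ID). The sample packets, user name, MAC address and NAS address are constructed for illustration.

```python
import struct

# Attribute and packet-code numbers as defined in RFC 2865.
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
              30: "Called-Station-Id", 31: "Calling-Station-Id"}
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

def parse_radius(packet: bytes) -> dict:
    """Decode the 20-byte header and the type/length/value attribute list."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length, "attrs": attrs}

def missing_attributes(parsed: dict, required=(1, 31)) -> list:
    """Names of required attribute types that the packet does not carry."""
    present = {t for t, _ in parsed["attrs"]}
    return [ATTR_NAMES.get(t, str(t)) for t in required if t not in present]

def build_request(ident: int, attrs: list) -> bytes:
    """Build a constructed Access-Request (all-zero authenticator) for testing."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples: one request without Calling-Station-Id, one with it.
SAMPLE_NO_CSID = build_request(12, [(1, b"card0001"), (4, bytes([192, 0, 2, 10]))])
SAMPLE_WITH_CSID = build_request(13, [(1, b"card0001"), (31, b"00-11-22-33-44-55")])

if __name__ == "__main__":
    for pkt in (SAMPLE_NO_CSID, SAMPLE_WITH_CSID):
        parsed = parse_radius(pkt)
        print(parsed["code"], "id", parsed["id"], "missing:", missing_attributes(parsed))
```

Fed the raw UDP payload from a packet capture taken between the two servers, the same functions show which attributes each side actually sent, independent of what either product's log chooses to display.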