
Authenticating, Authorizing VPN user with AAA

Hello,

I have an ACS1113 (4.2) Solution Engine and an ASA 5550, which has been integrated with ACS. I need to authenticate and authorize the VPN users from ACS.

Also, I need to have different access for different groups in ACS.

Please help me with this.

Thanks

Ritesh

4 REPLIES

Re: Authenticating, Authorizing VPN user with AAA

Ritesh,

Please provide some more information about your setup. Here are some links that should help,

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml

NAR's,

http://tinyurl.com/cowfsb

Command Authorization,

http://tinyurl.com/c5n4rl

Configure ACS to Assign a Group Policy at Login using RADIUS

http://tinyurl.com/2sa44y

Hope that helps!

Regards,

~JG

Do rate helpful posts


Re: Authenticating, Authorizing VPN user with AAA

Thanks, Gambhir. I was able to complete the task.

Re: Authenticating, Authorizing VPN user with AAA

Hi Ritesh,

Please mark this thread resolved so others can benefit.

Regards,

~JG


Re: Authenticating, Authorizing VPN user with AAA

Hi,

I am finding one problem. I have done the configuration in the ASA for authentication through ACS, but when I attempt to authenticate through a user, I get an authentication message. Here are the commands configured in the ASA and the debug message.

Command:

aaa-server ACSCHN protocol radius

aaa-server ACSCHN (WAN) host 10.132.15.26

key _____

aaa authentication telnet console ACSCHN LOCAL

aaa authentication enable console ACSCHN LOCAL

Debug Msg:

Initiating authentication to primary server (Svr Grp: ACSCHN)

------------------------------------------------

AAA FSM: In AAA_BindServer

AAA_BindServer: Using server:

AAA FSM: In AAA_SendMsg

User: wipro

Resp:

In localauth_ioctl

Local authentication of user wipro

callback_aaa_task: status = -1, msg =

AAA FSM: In aaa_backend_callback

aaa_backend_callback: Handle = 868, pAcb = 1a3363f8

aaa_backend_callback: Error: sorry

AAA task: aaa_process_msg(185f00e8) received message type 1

AAA FSM: In AAA_ProcSvrResp

Back End response:

------------------

Authentication Status: -1 (REJECT)

AAA FSM: In AAA_NextFunction

AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = REJECT

AAA_NextFunction: authen svr = ACSCHN, author svr = , user pol = , tunn pol =

AAA_NextFunction: New i_fsm_state = IFSM_DONE,

AAA FSM: In AAA_ProcessFinal

AAA FSM: In AAA_Callback

user attributes:

None

user policy attributes:

None

tunnel policy attributes:

None

Auth Status = REJECT

aaai_internal_cb: handle is 868, pAcb is 1a3363f8, pAcb->tq.tqh_first is 1841ce20

AAA API: In aaa_close

AAA task: aaa_process_msg(185f00e8) received message type 3

In aaai_close_session (868)

Please help: why did it authenticate with the internal server and not with the ACS server?

Regards

Ritesh
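
An added example, not part of the original post: a small Python parser for the `debug aaa` style output shown above that reports which backend the transcript itself names for the login. The sample input is constructed from lines in the post; the function names and output keys are this example's own.

```python
import re

# Constructed sample: lines copied from the debug output posted above.
SAMPLE_DEBUG = """\
Initiating authentication to primary server (Svr Grp: ACSCHN)
AAA_BindServer: Using server:
User: wipro
Local authentication of user wipro
aaa_backend_callback: Error: sorry
Authentication Status: -1 (REJECT)
AAA_NextFunction: authen svr = ACSCHN, author svr = , user pol = , tunn pol =
Auth Status = REJECT
"""

STATUS_RE = re.compile(r"Auth(?:entication)? Status\s*[:=]\s*(?:-?\d+\s*)?\(?([A-Z]+)")

def summarize_aaa_debug(text):
    """Extract which backend an ASA AAA debug transcript says handled the login."""
    s = {"server_group": None, "bound_server": None, "user": None,
         "local_auth": False, "status": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.search(r"\(Svr Grp:\s*([^)]+)\)", line):
            s["server_group"] = m.group(1).strip()
        elif m := re.match(r"AAA_BindServer: Using server:\s*(.*)$", line):
            s["bound_server"] = m.group(1).strip() or None   # empty in the post
        elif m := re.match(r"User:\s*(\S+)", line):
            s["user"] = m.group(1)
        elif line.startswith("Local authentication of user"):
            s["local_auth"] = True
        elif m := STATUS_RE.match(line):
            s["status"] = m.group(1)
    # The backend named by the transcript itself, not an inference about cause.
    s["handled_by"] = "LOCAL" if s["local_auth"] else s["server_group"]
    return s

def findings(s):
    """Turn the summary into short notes for the person reading the debug."""
    notes = []
    if s["server_group"] and s["bound_server"] is None:
        notes.append(f"no server address printed for group {s['server_group']}")
    if s["local_auth"]:
        notes.append(f"user {s['user']} was checked against the LOCAL database")
    if s["status"]:
        notes.append(f"final status {s['status']}")
    return notes

if __name__ == "__main__":
    for note in findings(summarize_aaa_debug(SAMPLE_DEBUG)):
        print("-", note)
```

On the device, `show aaa-server` lists per-server request and failure counters for the same server group.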
