Cisco Support Community
Community Member

Operability issue of ACS 5.0 as Radius with ASA ??

Hi ,

I am trying to get my VPN user authenticated with RADIUS (ACS 5.0), and the VPN user database is created in AD. Now when I try to connect through the Cisco VPN client, I am unable to do so. In fact, I get an error message (through debug at the ASA level for aaa and isakmp) that my RADIUS server is DOWN.

Please let me know whether there is any compatibility issue with ACS 5.0 here, because all was working fine on my ACS 4.2 version.

Regards

Ritesh

1 ACCEPTED SOLUTION

Cisco Employee

Re: Operability issue of ACS 5.0 as Radius with ASA ??

Ritesh,


Yes, there is a defect in ACS 5.0 with VPN authentication.

When you try to connect with the VPN client, you will not see any hits in monitoring and views.
In the ASDM logs, you will see that the RADIUS server is not accessible.
Debugs will show you RADIUS timing out.
This will work with TACACS.


Access policy rule was not matching. Also, could not use RADIUS as hitting CSCsy17858

<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>; used TACACS+ instead of RADIUS.

If you want to use RADIUS, then you need to upgrade your ACS version to 5.1.

You can download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg) from the path mentioned below:

Go to Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21

Reference: ACS upgrade from version 5.0 to 5.1:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_upg.html

HTH


Regards,

JK


Do rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
2 REPLIES
Community Member

Re: Operability issue of ACS 5.0 as Radius with ASA ??

Hi JK,

I followed the steps you gave to upgrade the ACS 5.0 to 5.1.

Please suggest what steps I should follow so that a VPN user is asked to change password on first logon.

Regards

Ritesh
