Users created in Qradar do not authenticate. Qradar is configured to use RADIUS and CHAP to authenticate the users in ACS. ACS v4.2 does not seem to allow a client to be configured such that Qradar must authenticate with ACS via CHAP in order to then send the (Qradar) user authentication request.
Qradar is a SIEM, admins need to log into it to work with it. Those users need to be authenticated so Qradar authenticates to ACS. There are no failures being logged. What I see in a packet capture and my workstation is basically useless since the interaction is TLS encrypted. A few packets go back and forth then they stop. At Qadar's login screen you see "failed authentication".
Since Qradar is configured to use PAP or CHAP, I want to find where in ACS you configure the CHAP password for the device. We have other non-cisco devices that do Radius in the same way for the admin's to log into them. Something is missing in the configuration and or definition for the device (Qradar).
This is likely going to be answered by someone who authenticated F5's or other non-cisco devices using v4 of ACS.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...