I am having RADIUS accounting issues with an ASA 5520 that uses TACACS for authentication. Both are hosted on the same ACS server. I can send RADIUS info to my Microsoft IAS box but get Syslog ID 113022 errors when trying to send to the ACS RADIUS. A packet capture shows the RADIUS accounting request getting to the ACS box (Windows Server 2003 R2) but syslog shows failedauth. Any ideas?
Check out the explanation below. What AAA configuration has been done on the ASA and also in ACS?
Explanation: This message indicates that the adaptive security appliance has attempted an authentication, authorization, or accounting request to the AAA server and did not receive a response within the configured timeout window. The AAA server is marked as "failed" and has been removed from service.
Recommended Action: Verify that the AAA server is online and is accessible from the adaptive security appliance.
1) Check that the ASA AAA client IP address configured in ACS is that of the trusted interface from which the ACS is reachable. That means if ACS resides on the public zone interface, configure the public interface of the ASA under AAA clients in ACS.
2) On the ASA, in the RADIUS server configuration, check that the authentication port is configured as 1645 at both ends, on the ASA as well as in ACS under the AAA client table.
3) And on the ASA, the ACS server should come up in the online state, so the RADIUS port needs to have communication between the two.
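An added example, not part of the thread: the RFC 2866 accounting exchange in Python, showing the authenticator check a RADIUS server applies before it answers; a request from a source with no AAA client entry, or one whose authenticator does not verify, is silently discarded, which the sender sees only as a timeout. The shared secret, addresses, session ID and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RADIUS packet codes (RFC 2866)

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_accounting_request(secret, identifier, nas_ip, session_id):
    attrs = (_attr(40, struct.pack("!I", 1))        # Acct-Status-Type = Start
             + _attr(4, socket.inet_aton(nas_ip))   # NAS-IP-Address
             + _attr(44, session_id))               # Acct-Session-Id
    header = struct.pack("!BBH", ACCT_REQUEST, identifier, 20 + len(attrs))
    # Request Authenticator = MD5(code+id+length + 16 zero bytes + attrs + secret)
    auth = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return header + auth + attrs

def request_authenticator_ok(packet, secret):
    """Server-side check; on mismatch the request is silently discarded."""
    if len(packet) < 20 or packet[0] != ACCT_REQUEST:
        return False
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def response_ok(response, request, secret):
    """Client-side check of an Accounting-Response against the request sent."""
    if len(response) < 20 or response[0] != ACCT_RESPONSE or response[1] != request[1]:
        return False
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length > len(response):
        return False
    # Response Authenticator = MD5(code+id+length + request auth + attrs + secret)
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def probe(server, port, packet, timeout=5.0):
    """Send one request; None means no reply arrived within the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            return sock.recvfrom(4096)[0]
        except socket.timeout:
            return None

if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample value
    pkt = build_accounting_request(secret, 1, "192.0.2.10", b"sess-0001")
    print(request_authenticator_ok(pkt, secret), request_authenticator_ok(pkt, b"wrong"))
```

To use `probe()` against a real server, run it from a host that is defined as an AAA client there; a `None` result is the same no-response condition the explanation above describes.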