Version...
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)
We have an ASA 5505 on all our sites. The ASA is connected to a secondary ISP for redundancy. It has an IPSec VPN connection back to HQ.
Issue: We have TACACS and FreeRADIUS implemented on a server back at HQ. I will add in a rule to the INSIDE interface that allows TACACS and RADIUS respectively. When I test my TACACS authentication, it's successful. When I go to test my RADIUS, it fails. Both services are on the same server. I have moved the RADIUS ACL up to the top of the ACL list, still not working. I have added a rule in my crypto map, still not working. Packet tracer just says an implicit rule is denying, but it won't say which one. I'm at a loss. It seems it has to do with the UDP protocol for RADIUS, because TACACS works fine. I have added rules all over the place and it has been denied.
aaa-server radius protocol radius
aaa-server radius (inside) host 192.168.50.X SECRET
 authentication-port 1812
 accounting-port 1813
aaa-server tacacs protocol tacacs+
aaa-server tacacs (inside) host 192.168.50.X SECRET
access-list inside extended permit tcp 10.2.X.0 255.255.255.0 host 192.168.50.X eq tacacs
access-list inside extended permit udp 10.2.X.0 255.255.255.0 host 192.168.50.X range radius radius-account
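
A check that can be run against a configuration like the one above, as an added example that is not part of the original post: it resolves the port keywords in the access-list lines to numbers and reports which of the aaa-server RADIUS ports no UDP permit entry covers. It assumes the ASA keyword values tacacs = 49, radius = 1645 and radius-acct = 1646; the function names and the second sample configuration are constructed for illustration, and the result says nothing about which rule packet tracer is hitting.

```python
import re

# ASA port keywords and the numbers the ASA maps them to (assumed from
# Cisco's ASA port-literal table; these values are not stated in the post).
ASA_PORT_NAMES = {"tacacs": 49, "radius": 1645, "radius-acct": 1646}

def resolve_port(token):
    """Numeric port for a number or a known ASA keyword, else None."""
    if token is None:
        return None
    return int(token) if token.isdigit() else ASA_PORT_NAMES.get(token)

def acl_port_range(line):
    """(proto, low, high) for a permit entry ending in eq/range, else None."""
    m = re.search(r"permit (tcp|udp) .*? (eq|range) (\S+)(?: (\S+))?$", line.strip())
    if not m:
        return None
    proto, op, first, second = m.groups()
    low = resolve_port(first)
    high = resolve_port(second) if op == "range" else low
    return proto, low, high

def uncovered_radius_ports(config):
    """Return (RADIUS ports with no UDP permit, ACL lines with unknown keywords)."""
    needed, ranges, unknown = [], [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"(authentication|accounting)-port (\d+)$", line)
        if m:
            needed.append(int(m.group(2)))
        elif line.startswith("access-list"):
            entry = acl_port_range(line)
            if entry and entry[0] == "udp":
                if None in entry[1:]:
                    unknown.append(line)   # keyword the table cannot resolve
                else:
                    ranges.append(entry[1:])
    missing = [p for p in needed if not any(lo <= p <= hi for lo, hi in ranges)]
    return missing, unknown

# Configuration as posted above (addresses masked as in the post).
POSTED = """aaa-server radius (inside) host 192.168.50.X SECRET
 authentication-port 1812
 accounting-port 1813
access-list inside extended permit tcp 10.2.X.0 255.255.255.0 host 192.168.50.X eq tacacs
access-list inside extended permit udp 10.2.X.0 255.255.255.0 host 192.168.50.X range radius radius-account"""
# Constructed variant: the same UDP entry written with numeric ports.
NUMERIC = POSTED.replace("range radius radius-account", "range 1812 1813")

if __name__ == "__main__":
    print(uncovered_radius_ports(POSTED))
    print(uncovered_radius_ports(NUMERIC))
```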