Scenario: ASA 5520 with 8.2 firmware, AnyConnect SSL VPN Client 2.5.3046 on Windows platforms, and Windows 2008 R2 NPS server RADIUS.
I've read a lot of blog posts regarding various aspects of this scenario, but none fully describe how to set up the complete solution. For example, one post concisely showed how to enable the ASA to connect to and communicate with the RADIUS services on the Windows 2008 R2 NPS server. Another explains how to apply the RADIUS settings to the VPN group policy. Yet something is missing from these various sources and connection issues arise.
The problem I am running into is that once the setup is completed my VPN client authenticates successfully, according to the logs of the ASA, and unfortunately, the VPN client shows "login failed" and does not provide access to the network.
Previously, this same client was set up to authenticate using the local database of users on the ASA and was successful in doing so.
Is there a source for an end-to-end solution on how this is set up?
I'm not sure how exactly it's set up in your network or whether you have DAP configured for VPN users. However, if DAP records are changed, for example, the Action: parameter in the DfltAccessPolicy is changed from its default value to Terminate and additional DAP records are not configured, authenticated users will, by default, match the DfltAccessPolicy DAP record and will be denied VPN access even though the user is authenticated JUST fine.
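A check for the condition described in the reply above, as an added example that is not part of the original thread: it reads the output of `show running-config dynamic-access-policy-record` and reports whether DfltAccessPolicy terminates sessions with no other DAP record defined. The sample config is constructed, the function names are hypothetical, and the script assumes a record with no `action` line uses the default action, Continue.

```python
import re

# Constructed sample of `show running-config dynamic-access-policy-record` output.
SAMPLE_CONFIG = """\
dynamic-access-policy-record DfltAccessPolicy
 action terminate
"""

RECORD_RE = re.compile(r"^dynamic-access-policy-record\s+(\S+)\s*$")
ACTION_RE = re.compile(r"^\s+action\s+(\S+)")


def parse_dap_records(config_text):
    """Return {record_name: action} for every DAP record in the config text."""
    records, current = {}, None
    for line in config_text.splitlines():
        header = RECORD_RE.match(line)
        if header:
            current = header.group(1)
            records[current] = "continue"  # assumption: default when no action line
        elif current and line.startswith(" "):
            action = ACTION_RE.match(line)
            if action:
                records[current] = action.group(1)
        else:
            current = None  # left the record's indented sub-commands
    return records


def assess_dap(config_text):
    """Return (status, message) describing the effect of DfltAccessPolicy."""
    records = parse_dap_records(config_text)
    others = [name for name in records if name != "DfltAccessPolicy"]
    if records.get("DfltAccessPolicy", "continue") != "terminate":
        return ("ok", "DfltAccessPolicy does not terminate sessions")
    if not others:
        return ("deny-all", "DfltAccessPolicy terminates and no other DAP record "
                "exists: users are denied even after RADIUS accepts them")
    # Selection criteria of the other records are not evaluated by this check.
    return ("conditional", "DfltAccessPolicy terminates; a session is allowed "
            "only if it matches one of: " + ", ".join(others))


if __name__ == "__main__":
    status, message = assess_dap(SAMPLE_CONFIG)
    print(status + ": " + message)
```
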