Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
VPN Clients are unable to authenticate to an IAS RADIUS server after an upgrade of the Cisco ASA/PIX to version 7.2.1
This problem occurs due to the presence of Cisco bug ID CSCsf27202.
VPN authentication fails after an upgrade of the Adaptive Security Appliance (ASA) software version from 7.1(1) to 7.2(1). In 7.1(1) and earlier versions. RADIUS requests were sent to the RADIUS server with the NAS-Port-Type of Virtual. In version 7.2(1), the NAS-Port-Type is not set.
These examples from the Microsoft RADIUS logs show success from 7.1(1) and a failure from 7.2(1):
Success Example on 7.1(1)
User WOUND\lremcgui was granted access. Fully-Qualified-User-Name = wound.san/lr/Users/McGuire, Emily NAS-IP-Address = 10.58.1.8 NAS-Identifier = Client-Friendly-Name = lrnasa5520 Client-IP-Address = 10.58.1.8 Calling-Station-Identifier = 18.104.22.168 NAS-Port-Type = Virtual NAS-Port = 182 Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = Policy-Name = VPN Client Connections Authentication-Type = MS-CHAPv2 EAP-Type =