Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA and ACS 5.0 Radius Group

Hello,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

Following this note I try to assign an asa group policy through our ACS. The only difference is ACS v5.

I correctly set ACS to send the ou=group in the IETF[25] Class attribute. But debugging radius on asa i see the following arriving and not the ou= group :

Radius: Type = 25 (0x19) Class

Radius: Length = 22 (0x16)

Radius: Value (String) =

41 43 53 30 31 2f 33 34 31 31 36 39 35 39 2f 38 | ACS01/34116959/8

38 35 35 38 | 8558

Does someone experienced the same and have a solution ?

Thanks

Regards

3 REPLIES

Re: ASA and ACS 5.0 Radius Group

Can you please paste the contents of the IETF 25 Class variable box from the group?

Verify the user you are authenticating is a member of that group, as well, so the attribute is returned.

New Member

Re: ASA and ACS 5.0 Radius Group

Hello,

Here is the radius attribute box screenshot for the group. I can see on the ACS log that the user is on the group and that the good authorization profile is applied.

Thanks for your help

Regards

New Member

Re: ASA and ACS 5.0 Radius Group

Hi,

I have a question for you, you could help me please?

The problem:

we have a problem for authentication a remote access VPN (ASA 5510, version 8.2.1) with ACS 5.0 (version 5.0.21), but its not working.

When I try with ACS 4.1, the authentication work fine.

could you tell me what is your version ACS and ASA??

your system is working ok????

Regards.

Marco

207
Views
0
Helpful
3
Replies