Cisco AnyConnect user authentication and authorization with Cisco ASA using RADIUS server group
I would like to configure RADIUS authentication and authorization in ASA 8.2 (ASDM 6.2) by configuring a Cisco AnyConnect VPN client connection profile.
So the end result would be: the user enters his username, password and a token in the AnyConnect client, then the RADIUS server validates this information and sends the user attributes to the ASA upon successful authentication.
I would be grateful if I can get the step-by-step procedure to achieve this.
Below is what I am trying to do:
1) Create an AAA server group.
2) Add the AAA server to this group (here it's RADIUS).
3) Create an LDAP-Cisco ASA group mapping (for authorization).
4) Add a group policy and create an IP pool. (We can add two types of group policies: internal and external. Not sure which one to select here.)
5) Create an AnyConnect VPN client connection profile. Here we specify the created server group name, IP pool and group policy.
(While creating a connection profile, it asks us to select an interface. As of now I have only one interface, which is "inside". Not sure what the interface "outside" means.)
Re: Cisco anyconnect User authentication and authorization with
We are trying to set up RADIUS authentication and authorization through the AnyConnect client using Cisco ASA.
We are stuck at the authorization part. Below is what I have done.
1) Created a server group (Configuration -> Remote access VPN -> AAA/local users -> AAA Server groups).
2) I have added a RADIUS server into this AAA server group.
3) Verified the authentication through RADIUS using the "Test" button.
4) Authentication was successful (got an information message).
5) To verify the authorization part for this AAA server, we will have to set up the LDAP to RADIUS group mapping.
6) So, in the LDAP-RADIUS mapping, I have added an attribute name "Member Of" in the "Customer name" field and mapped it to the "IETF-RADIUS-Class" attribute in the "Cisco name" field, entered the mapping value for the attribute "Member Of" in the "customer value" field, and in the "Cisco value" field I entered the group policy that I created (internal group policy).
7) After applying this LDAP-RADIUS mapping, I tried to verify the authorization part.
8) Selected the AAA RADIUS server and clicked on "Test", and I have enabled the "Authorization" button in the Test settings. But when I test the authorization part, I am getting an error message saying "Authorization failed.AAA Server rejected".
The question here is: how do I ensure that the LDAP-RADIUS mapping that I have created is applicable to the AAA server that I have created?
Could you please provide me a solution for this (I will send you the screenshots if required).