cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1173
Views
0
Helpful
0
Replies
gaigl
Beginner

ACS 4.2 Windows Radius Attributes for VPN-dial-in

Hello,

this Situation:

Remote-User establish a VPN-Connection (AnyConnect) to a ASA 8.4, ASA forwards Authentication to ACS 4.2. , ACS should assign IP-Adress from a Adress-Pool dependent on GroupMembership (LDAP)

the Problem:

the User gets an IP-Config with a Default-Gateway which is always the 3.Address of the IP-Pool (IP-Pools are /28 Ranges), the Mask is ok (/32).

On the ASA-Log I can see a Message:

%ASA-6-110002: Failed to locate egress interface for protocol from src interface:src IP/src port to dest IP/dest port

I've assigned following Attibutes:

IP Assignement: Assigned from AAA server pool (the accordant pool is selected)

IETF Radius Attributes:

006 Service Type: Framed

007 Framed Protocol: ppp

009 Framed-IP-Netmask: 255.255.255.255

(not sure about) 022 Framed-Route: 0.0.0.0

025 Class: <Group-Policy of ASA>

does anyone of you know, what I'm making wrong?

on The ASA I can't find any settings.

Thanks for any advice

0 REPLIES 0
Content for Community-Ad