Authentication error eap-tls ACS 5.2 with MS CA

Eugene Petersen
Level 1

Hi

Unable to authenticate using EAP-TLS with Cisco ACS 5.2, MS CA and Cisco 1250 AP.

12752 Failed to negotiate EAP for inner method because EAP-TLS not allowed under PEAP configuration in Access Service.

Generated on:February 15, 2011 5:16:31 PM SAST
Description
The client's supplicant sent an EAP-Response/NAK packet rejecting the EAP-based protocol that was previously proposed for the inner method, and requested to use EAP-TLS instead. However, ACS does not allow EAP-TLS under PEAP configuration in the Allowed Protocols section of the corresponding Access Service.

Resolution Steps
Ensure that the EAP-TLS protocol is allowed by ACS under PEAP configuration in the Allowed Protocols section of the relevant Access Service.

I am a newbie to ACS 5.2 and need some help. MS AD authentication with ACS works fine. Certificate authentication is not successful. I used the IBNS guide on the Cisco website as well as the configuration guide.

Has anybody encountered this problem? Please help.

Eugene

8 Replies

ian_banderaz
Level 1

Go to Access Service -> Identity and select the Allowed Protocols tab.

There, expand PEAP and check EAP-TLS.

These protocols are selected.

Under the Allowed Protocols tab

EAP-TLS is a selected protocol on its own

Under PEAP

    EAP-MS-CHAPv2 and EAP-GTC are selected for inner methods.

Preferred EAP Method is also EAP-TLS.

I have the same error. When I try to connect to the Wi-Fi with the certificate, ACS gives the same error.

Does anyone have any idea to solve the problem?

I'm setting this up in a lab environment and have the same issue as you have documented in this discussion:

12752 Failed to negotiate EAP for inner method because EAP-TLS not allowed under PEAP configuration in Access Service

I don't see a fix posted here. If you have the fix, please post it; I would be interested.

Regards,

Tracy

PEAP with inner TLS method is only supported in ACS 5.3. You will need to upgrade to ACS 5.3.

antero
Level 1

Hi,

I have ACS 5.2.0.26.8, configured for 802.1x authentication with certificates, and no problem.

Which version do you have?

Have you configured the Certificate Authentication Profile and activated it in the identity store sequence?

Cheers

Antero

Antero, thanks for the update. My ACS level is 5.2.0.26. Could you provide a little more detail on where you tie in your Certificate Authentication Profile? I now have this created but I'm not really sure what to apply it to. An Access Policy?

Regards,

Tracy

Hi Tracy,

After installing the certificate in your ACS and doing the specific config to trust clients with EAP-TLS:

Create an identity store sequence as above.

Create an access service like this one, using the new sequence,

with these allowed protocols.

Under the group you created in Access Policies, Authorization:

Here is the match to do with the certificate profile: if the certificate with this subject was issued from the CA you previously added to ACS, then you are allowed to be authenticated.

Hope this helps.

Antero