Firepower Shell authentication with radius

parmsing1
Level 1

Hi All,

We are planning to implement Firepower SSH login through a RADIUS server.

Currently we have SSH configured for the Firepower module on the ASA and we are able to log in using the admin account. If we configure the system profile in FireSIGHT, we are still not able to log in to the Firepower module via SSH using RADIUS credentials; however, the local "admin" account is working and we are able to log in.

Please advise.

Thanks

Accepted Solution

Tim Verscheure
Level 1

To get this working, please ensure the following is configured:

1. Create an External Authentication Object for the RADIUS server (System > Users > External Authentication). Fill in the required RADIUS server details. IMPORTANT: configure the "Administrator Shell Access User List" with the usernames that need shell access. Without it, I could not get it to work.

2. In your system policy, enable this RADIUS server entry for external authentication. Do not forget to deploy again after your change.

3. On your RADIUS server, configure authorization to return a RADIUS ACCESS_ACCEPT and the "Administrator" class. On Cisco ISE this is done using the "ASA VPN" part in the "Common Tasks" section of the authZ profile.

Good luck.

Tested and verified on SFR 6.1

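Step 3 of the accepted answer hinges on the RADIUS server actually returning an Access-Accept that carries a Class attribute with the value "Administrator". The following is an added example, not code from the post or from Cisco: a small pure-Python checker that builds and parses RADIUS reply packets per RFC 2865 (Class is attribute type 25, the Response Authenticator is MD5 over the reply header, the request authenticator, the attributes and the shared secret), so a captured reply can be validated offline. The shared secret, request authenticator and packets below are constructed sample values.

```python
import hashlib
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ATTR_USER_NAME = 1
ATTR_CLASS = 25


def build_reply(code, ident, request_auth, secret, attrs):
    """Build a RADIUS reply (header + Response Authenticator + attributes).

    attrs is a list of (type, value_bytes) pairs; each attribute is encoded
    as Type (1 byte), Length (1 byte, including the 2-byte header), Value.
    """
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def parse_reply(packet, request_auth, secret):
    """Verify the Response Authenticator, then return (code, {type: [values]})."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length != len(packet):
        raise ValueError("bad RADIUS length field")
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if expected != packet[4:20]:
        raise ValueError("Response Authenticator mismatch: wrong shared secret or altered reply")
    attrs, pos = {}, 20
    while pos < length:
        t, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(t, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs


def grants_shell_access(packet, request_auth, secret, required_class=b"Administrator"):
    """True only for an authentic Access-Accept carrying the required Class value."""
    code, attrs = parse_reply(packet, request_auth, secret)
    return code == ACCESS_ACCEPT and required_class in attrs.get(ATTR_CLASS, [])


# Constructed sample values: shared secret and the Request Authenticator the client sent.
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
GOOD_REPLY = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, SECRET,
                         [(ATTR_USER_NAME, b"alice"), (ATTR_CLASS, b"Administrator")])
NO_CLASS_REPLY = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, SECRET, [(ATTR_USER_NAME, b"alice")])
```

A reply that authenticates but lacks the Class attribute (NO_CLASS_REPLY) is the case where the user is accepted by RADIUS yet still gets no shell on the sensor.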

2 Replies


"3. On your radius server, configure authorization to return a radius ACCESS_ACCEPT and "Administrator" class. On Cisco ISE this is using the "ASA VPN" part in the "common tasks" section of the authZ profile."

Has anyone got this working on Microsoft NPS 2012 and could share the configuration of the NPS portion?