07-12-2018 01:37 PM
I have set up a pretty wide open policy set for some Juniper firewalls, and it is allowing the authentication in ISE, but the same auth still fails on the Junipers. Any ideas?
Solved! Go to Solution.
07-14-2018 10:01 AM
Assuming you meant the auth records in ISE showing passing, then please debug on the Juniper side and seek support from Juniper. I found a couple of articles on the net might be of help:
07-12-2018 03:04 PM
Question is not clear since stated "it is allowing the authentication in ISE, but the same auth still fails on the Junipers". Is auth working for some but not other devices, or all auth from Juniper is failing? The failure reason (details under red log entry in RADIUS Live Logs) should indicate failure reason.
Juniper RADIUS dictionary is loaded by default in ISE. If hitting correct policy and ISE states auth success, then expect that Juniper FW is rejecting the authorization response. You can verify what is sent in Live Log details. You can also select Juniper-specific authorizations by selecting the Advanced Attributes and picking the Juniper RADIUS dictionary.
07-14-2018 10:01 AM
Assuming you meant the auth records in ISE showing passing, then please debug on the Juniper side and seek support from Juniper. I found a couple of articles on the net might be of help:
11-07-2019 07:19 AM
It's a bit odd that after my post the question was solved with an old post. David?
11-07-2019 04:25 AM
Hi David,
How did you solved this?
I have the same issue with one SRX and one vSRX, both on version 15. I have other similar devices running similar versions, and with those I'm successful.
In ISE logs, RADIUS access-accept is returned but the authentication on the device is 'access denied'. I already read the material posted here and other resources. I did the debug on Junipers (traceoptions) and all my ideas are exhausted now. I have to surrender and open a case with Juniper.
Your feedback will be much appreciated.
Thanks,
Catalin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide