
Operability issue of ACS 5.0 as RADIUS with ASA?

riteshmalpani
Level 1

Hi,

I am trying to get my VPN user authenticated with RADIUS (ACS 5.0), and the VPN user database is created in AD. Now when I try to connect through the Cisco VPN client, I am unable to do so. In fact, I get an error message (through debug at ASA level for aaa and isakmp) that my RADIUS server is DOWN.

Please let me know if there is any compatibility issue with ACS 5.0 on this, because all was working fine on my ACS 4.2 version.

Regards

Ritesh

Accepted Solutions

Jatin Katyal
Cisco Employee

Ritesh,

Yes, there is a defect in ACS 5.0 with VPN authentication.

When you try to connect with the VPN client, you will not see any hits in Monitoring and Views.
In the ASDM logs, you will see that the RADIUS server is not accessible.
Debugs will show you RADIUS timing out.
This will work with TACACS.

Access policy rule was not matching. Also, could not use RADIUS as hitting CSCsy17858

<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>; used TACACS+ instead of RADIUS.

If you want to use RADIUS, then you need to upgrade your ACS version to 5.1.

You can download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg) from the path mentioned below:

Go to Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21

Reference: ACS upgrade from version 5.0 to 5.1:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_upg.html

HTH


Regards,

JK


Do rate helpful posts-

~Jatin

Hi JK,

I followed the steps as guided by you to upgrade the ACS 5.0 to 5.1.

Please suggest what steps I should follow so that a VPN user is asked to change the password on first logon.

Regards

Ritesh