10-31-2013 08:39 AM - edited 03-11-2019 07:58 PM
Version...
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)
We have an ASA 5505 on all our sites. The ASA is connected to a secondary ISP for redundancy. It has an IPSec VPN connection back to HQ.
Issue: We have TACACS and FreeRADIUS implemented on a server back at HQ. I will add in a rule to the INSIDE interface that allows TACACS and RADIUS respectively. When I test my TACACS authentication, it's successful. When I go to test my RADIUS, it fails. Both services are on the same server. I have moved the RADIUS ACL up to the top of the ACL list, still not working. I have added a rule in my crypto map, still not working. Packet tracer just says an implicit rule is denying, but it won't say which one. I'm at a loss. It seems it has to do with the UDP protocol for RADIUS, because TACACS works fine. I have added rules all over the place and it has been denied.
aaa-server radius protocol radius
aaa-server radius (inside) host 192.168.50.X SECRET
 authentication-port 1812
 accounting-port 1813
aaa-server tacacs protocol tacacs+
aaa-server tacacs (inside) host 192.168.50.X SECRET
access-list inside extended permit tcp 10.2.X.0 255.255.255.0 host 192.168.50.X eq tacacs
access-list inside extended permit udp 10.2.X.0 255.255.255.0 host 192.168.50.X range radius radius-account
10-31-2013 09:45 AM
Steve,
The actual problem you're hitting is this one:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl25826
NOW... you might be lucky if you upgrade your ASA to something containing the fix for:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCty03086
and
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr16184
However I will not make any guarantees.
Open up a TAC case if you want to have troubleshooting assistance.
M.