01-13-2025 09:40 AM
Currently on a Cisco ASA, we use RADIUS authentication for WEBVPN users. For the logs on the RADIUS server we are not receiving the originating public IP of the users' failed/successful attempts; rather, we are getting OUR public IP of the gateway for WEBVPN. The RADIUS server is set up to use attribute 31 for the source.
To attempt to find the correct attribute I did a "debug radius all" but only received the binary values for the attributes, therefore not telling me the correct attribute that is giving the source.
I do know that Cisco has vendor-specific attributes that give a string with the source IP, but I am unsure if the RADIUS server can parse through this to just use the source IP. Please let me know if you have any experience or ideas to try.
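Added example, not part of the original post: a small decoder that walks the raw attribute bytes of a RADIUS Access-Request and prints the fields that can carry an address (NAS-IP-Address 4, Calling-Station-Id 31, and Cisco vendor-specific attributes under type 26, vendor ID 9). The sample packet, its addresses and the `ip:source-ip=` AV-pair string are constructed for illustration and are assumptions about what a gateway might send; the function names are hypothetical.

```python
import socket
import struct

CISCO = 9  # Cisco's IANA enterprise number, carried inside Vendor-Specific (26)

def attr(atype, value):
    """Encode one RADIUS TLV: type, length (including the 2-byte header), value."""
    return bytes([atype, len(value) + 2]) + value

def parse_attributes(packet):
    """Yield (type, vendor_id, vendor_type, value) for each attribute in a packet."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # code, id, length and the 16-byte authenticator come first
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6 and value[5] == len(value) - 4:
            # Vendor-Specific with one sub-attribute: vendor id, vendor type, length, data
            yield atype, struct.unpack("!I", value[:4])[0], value[4], value[6:]
        else:
            yield atype, None, None, value
        pos += alen

def source_candidates(packet):
    """Collect the attributes that can carry an address, decoded to text."""
    found = {}
    for atype, vendor, vtype, value in parse_attributes(packet):
        if atype == 4 and len(value) == 4:
            found["NAS-IP-Address(4)"] = socket.inet_ntoa(value)
        elif atype == 31:
            found["Calling-Station-Id(31)"] = value.decode("ascii", "replace")
        elif vendor == CISCO:
            key = f"Cisco-VSA(26/9/{vtype})"
            found.setdefault(key, []).append(value.decode("ascii", "replace"))
    return found

# Constructed Access-Request (documentation addresses, zeroed authenticator).
_attrs = (attr(1, b"alice") + attr(4, socket.inet_aton("198.51.100.10"))
          + attr(31, b"203.0.113.45")
          + attr(26, struct.pack("!I", CISCO) + attr(1, b"ip:source-ip=203.0.113.45")))
SAMPLE = struct.pack("!BBH", 1, 7, 20 + len(_attrs)) + bytes(16) + _attrs

if __name__ == "__main__":
    for name, value in source_candidates(SAMPLE).items():
        print(name, "=", value)
```

Feeding it the bytes of a real request captured on the RADIUS server shows which of these attributes actually holds the client address and which holds the gateway's.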
01-13-2025 09:52 AM
Check the ASA RADIUS support attribute
MHM
01-13-2025 01:49 PM
Why use RADIUS at all? What is the MFA strategy here? Why not use a SAML Flow instead?