Validate connectivity from FMC managed FTD to Cisco ISE

jdonjuanl
Level 1

Hello

We want to configure RAVPN on a Firepower device and use Cisco ISE to authenticate VPN users. The Firepower device is managed by FMC.

I need to know if there is a test we can try to validate communication from the managed device to Cisco ISE via the CLI.

Regards

Accepted Solutions

Hi,
Assuming you've configured the AAA server on FMC and pushed the policy to the FTD, you can use the "test aaa-server" command, e.g.:

test aaa-server authentication ISE host 192.168.10.20 username User1 password Pa$$word

The output will confirm if successful:

INFO: Attempting Authentication test to IP address (192.168.10.20) (timeout: 62 seconds)
INFO: Authentication Successful

In this example, ISE is the name of my AAA group; you can confirm the name by running:

> show running-config aaa-server
aaa-server ISE protocol radius
 dynamic-authorization
aaa-server ISE (INSIDE) host 192.168.10.20
 timeout 60
 key *****
 authentication-port 1812
 accounting-port 1813

HTH
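
An added example, not part of the original reply and not Cisco tooling: Python that parses the "show running-config aaa-server" output quoted above, derives the matching "test aaa-server" line for each configured host, and checks a captured test result against the expected host. The function names and the `<password>` placeholder are assumptions, and the sample text is constructed from the output in the reply.

```python
import re

# Constructed sample input: the CLI output quoted in the answer above.
SAMPLE_CONFIG = """\
> show running-config aaa-server
aaa-server ISE protocol radius
 dynamic-authorization
aaa-server ISE (INSIDE) host 192.168.10.20
 timeout 60
 key *****
 authentication-port 1812
 accounting-port 1813
"""
SAMPLE_TEST_OUTPUT = """\
INFO: Attempting Authentication test to IP address (192.168.10.20) (timeout: 62 seconds)
INFO: Authentication Successful
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)$")


def parse_aaa_servers(config):
    """Parse 'show running-config aaa-server' text into {group: settings}."""
    groups, section = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pasted output that lost its indentation
        if not line or line.startswith(">"):
            continue  # blank line or echoed CLI prompt
        if m := GROUP_RE.match(line):
            section = groups.setdefault(m[1], {"hosts": []})
            section["protocol"] = m[2]
        elif m := HOST_RE.match(line):
            section = {"interface": m[2], "host": m[3]}
            groups.setdefault(m[1], {"hosts": []})["hosts"].append(section)
        elif section is not None:
            key, _, value = line.partition(" ")  # sub-command of the last header
            section[key] = value or True
    return groups


def build_test_commands(groups, username):
    """One 'test aaa-server' line per configured host, password left as a placeholder."""
    return [
        f"test aaa-server authentication {name} host {h['host']} "
        f"username {username} password <password>"
        for name, g in groups.items() for h in g["hosts"]
    ]


def auth_test_passed(output, host):
    """True only when the test targeted the expected host and reported success."""
    return f"IP address ({host})" in output and "INFO: Authentication Successful" in output
```

Matching on the host in the "Attempting Authentication test" line keeps a success from one server in the group from being read as proof that a different server is reachable.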
