We have phones connecting to a private APN through ACS 4.2 that then auth to backend servers. Once auth'd, the ACS provides IP addressing from IP pools.
IP pools are set up on 2 possible ACS servers. Access requests come from 2 source NAS-port IPs.
The pools across the 2 servers are split so they are not identical, but each has an upper and a lower pool depending on which NAS-port makes the request.
multiple users -> request for auth/IP -> src= either NAS-10.1.1.1 or NAS-10.1.1.2
if 10.1.1.1 give lower range - 10.2.2.1 - 10.2.2.127
if 10.1.1.2 give upper range - 10.2.2.128 - 10.2.2.254
if 10.1.1.1 give lower range - 10.2.3.1 - 10.2.3.127
if 10.1.1.2 give upper range - 10.2.3.128 - 10.2.3.254
The problem is that the ACS is giving out IP addressing that is already in use on the APN by another device to a new request. We then see multiple 'Passed Authentications' before a single Radius 'Start' packet as the requests cycle through until a free IP is gained. Even though each auth is successful the device is dropped from the APN due to 'duplicate IP' messages. Troubleshooting with the provider shows the problem to be at the ACS side.
The pools have address recovery enabled for every 12 hours.
The devices send 'interim updates' every 30 minutes, so no IP should ever be re-issued without definitely being inactive (the interim updates count as valid traffic).
My questions: why is the ACS still issuing IP addressing that it should know is in use from its own database? Is there any way to further prevent it from doing this?
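One way to confirm from the RADIUS side that the ACS is re-issuing addresses that still have live accounting sessions (and that each address matches the range expected for the requesting NAS) is to replay the accounting events and flag the violations. This is an added example, not code from the post or from ACS; the event list is constructed to mirror the symptom described above (two 'Passed Authentication' events for one session before its 'Start'), and the event format, session ids and 12-hour recovery window are assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

RECOVERY = timedelta(hours=12)   # address recovery interval, as stated in the post

# Expected range per NAS source, as described in the post (lower/upper halves).
POOL_FOR_NAS = {
    "10.1.1.1": [("10.2.2.1", "10.2.2.127"), ("10.2.3.1", "10.2.3.127")],
    "10.1.1.2": [("10.2.2.128", "10.2.2.254"), ("10.2.3.128", "10.2.3.254")],
}

# Constructed sample events (not real logs): (timestamp, kind, session, nas_ip, framed_ip).
EVENTS = [
    ("2020-01-20 08:00", "start",   "s1", "10.1.1.1", "10.2.2.5"),
    ("2020-01-20 08:30", "interim", "s1", "10.1.1.1", "10.2.2.5"),
    ("2020-01-20 09:00", "interim", "s1", "10.1.1.1", "10.2.2.5"),
    ("2020-01-20 09:10", "passed",  "s2", "10.1.1.1", "10.2.2.5"),  # s1 still active
    ("2020-01-20 09:12", "passed",  "s2", "10.1.1.1", "10.2.2.9"),  # retry gets free IP
    ("2020-01-20 09:12", "start",   "s2", "10.1.1.1", "10.2.2.9"),
    ("2020-01-21 00:00", "passed",  "s3", "10.1.1.2", "10.2.2.5"),  # wrong range for NAS
]

def in_expected_pool(nas_ip, framed_ip):
    """True if framed_ip lies in one of the ranges expected for nas_ip."""
    addr = ip_address(framed_ip)
    return any(ip_address(lo) <= addr <= ip_address(hi)
               for lo, hi in POOL_FOR_NAS.get(nas_ip, []))

def audit(events):
    """Replay accounting events; return a list of (timestamp, issue) findings."""
    leases = {}       # framed_ip -> (session_id, last time heard from)
    findings = []
    for ts_str, kind, session, nas_ip, framed_ip in events:
        ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M")
        if kind == "passed":
            # New assignment: flag it if another session still holds the IP and
            # was heard from (Start/Interim) inside the recovery window.
            held = leases.get(framed_ip)
            if held and held[0] != session and ts - held[1] < RECOVERY:
                findings.append((ts_str, f"{framed_ip} issued to {session} but "
                                 f"active for {held[0]} since {held[1]:%H:%M}"))
            if not in_expected_pool(nas_ip, framed_ip):
                findings.append((ts_str, f"{framed_ip} issued for NAS {nas_ip} "
                                 "outside its expected range"))
        elif kind in ("start", "interim"):
            leases[framed_ip] = (session, ts)   # lease is alive
        elif kind == "stop":
            leases.pop(framed_ip, None)         # explicit release
    return findings

for when, issue in audit(EVENTS):
    print(when, issue)
```

The third 'passed' event is not flagged as a duplicate because s1 has been silent for more than 12 hours, so only the range mismatch is reported for it.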