12-04-2017 05:27 AM - edited 03-12-2019 04:47 AM
I'm trying to set up RADIUS authentication for AnyConnect users using a Windows NPS server. The authentication is working fine from the ASA:
ASA# test aaa-server authentication RADIUS username mmurray password $
Server IP Address or name: 10.10.2.2
INFO: Attempting Authentication test to IP address <10.10.2.2> (timeout: 12 seconds)
INFO: Authentication Successful
But when I try to connect via AnyConnect it looks like the ASA is not using RADIUS but just the local user database instead:
AAA user authentication Rejected : reason = User was not found : local database : user = ***** : user IP =
What am I missing?
ASA# sh run aaa
aaa authentication ssh console LOCAL
aaa authentication match aaa-auth inside RADIUS
ASA# sh run aaa-server
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.10.2.2
 key *****
ASA# sh run tunnel-group
tunnel-group employeegroup type remote-access
tunnel-group employeegroup general-attributes
 address-pool remoteaccessvpn
 authentication-server-group (inside) RADIUS
 default-group-policy employeegroup
tunnel-group employeegroup webvpn-attributes
 group-alias employeegroup enable
tunnel-group employeegroup ipsec-attributes
 ikev1 pre-shared-key *****
ASA# sh run webvpn
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.1.02011-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-4.1.02011-k9.pkg 2
 anyconnect enable
 cache
  disable
 error-recovery disable