Hi,
We use authentication proxy for propagating DACLs per user in our branch LANs via Cisco ISE and 7200 and 3845 routers. Now we are upgrading our routers to the ASR1000 series (running IOS-XE 17.3.3). The syntax of ip auth-proxy has changed to ip admission in IOS-XE (some features like custom portals have been added too). We just want to move the same config to the new router with the default portal, but it does not work. Here are the configurations before and after migration:
3845 (7200):
aaa authentication login default group radius
aaa authorization auth-proxy default group radius
ip auth-proxy name AUTHPROXY http inactivity-time 60 list HTTP
ip http server
ip http authentication aaa
no ip http secure-server
<radius server config>
interface GigabitEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group INSIDE_IN in
 ip auth-proxy AUTHPROXY
!
ip route 10.0.0.1 255.255.255.255 Null0 name AUT-Proxy
!
ip access-list extended HTTP
 permit tcp any host 10.0.0.1 eq www
ASR1002-X:
aaa authentication login default group radius
aaa authorization auth-proxy default group radius
ip admission name AUTHPROXY proxy http list HTTP
ip http server
ip http authentication aaa
no ip http secure-server
<radius server config>
!
interface GigabitEthernet0/0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group INSIDE_IN in
 ip admission AUTHPROXY
!
ip route 10.0.0.1 255.255.255.255 Null0 name AUT-Proxy
!
ip access-list extended HTTP
 permit tcp any host 10.0.0.1 eq www
-------------------------------------------------------------------------------------------------
On the ASR 1002, when I issue show ip admission cache I see nothing, and the clients can't connect to the login portal.
I appreciate any help.
Thanks in advance.