Cisco Secure Access Control Server (ACS) for Windows supports a fast reconnect feature. When the Protected EAP (PEAP) session resume feature is enabled, the fast reconnect feature causes Cisco Secure ACS for Windows to allow a PEAP session to resume without checking user credentials. When you enable this feature, it allows Cisco Secure ACS for Windows to trust a user based on the cached TLS session from the original PEAP authentication. Because Cisco Secure ACS for Windows only caches a TLS session when phase two of PEAP authentication succeeds, the existence of a cached TLS session is proof that the user has successfully authenticated within the number of minutes defined by the PEAP session timeout option.
The fast reconnect feature is particularly useful for wireless LANs, wherein a user can move the client computer so that a different wireless access point is in use. When Cisco Secure ACS for Windows resumes a PEAP session, the user re-authenticates without entering a password, provided that the session has not timed out. If the end-user client is restarted, the user must enter a password even if the session timeout interval has not ended.
When you deselect the Enable Fast Reconnect check box, Cisco Secure ACS for Windows always performs phase two of PEAP authentication, even when the PEAP session has not timed out.
Fast reconnection can occur only when Cisco Secure ACS for Windows allows the session to resume because the session has not timed out. If you disable the PEAP session resume feature by entering 0 (zero) in the PEAP session timeout (minutes) box, then selecting the Enable Fast Reconnect check box has no effect on PEAP authentication and phase two of PEAP authentication always occurs.
To enable the fast reconnect feature on Cisco Secure ACS for Windows, go to the System Configuration page, select Global Authentication Setup, and click Enable Fast Reconnect.
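The interaction between the session timeout and the Enable Fast Reconnect check box can be modelled in a few lines. This is an added illustration, not Cisco code: the class and parameter names are hypothetical, time is counted in minutes, a client restart is modelled as the client no longer holding a session ID, and the model assumes a resumed session does not refresh its cache timestamp.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass
class PeapServerModel:
    """Toy model of the decision described above (hypothetical, not ACS code)."""
    session_timeout_min: int   # "PEAP session timeout (minutes)"; 0 disables session resume
    fast_reconnect: bool       # state of the "Enable Fast Reconnect" check box
    _cache: dict = field(default_factory=dict)   # session_id -> minute phase two succeeded
    _ids: count = field(default_factory=count)   # source of new session IDs

    def authenticate(self, now_min, session_id=None, phase2_ok=True):
        """Return (accepted, phase_two_ran, session_id_now_held_by_client).

        phase2_ok says whether the user's credentials would pass phase two
        if the server chose to run it.
        """
        cached_at = self._cache.get(session_id)
        resumable = (
            self.session_timeout_min > 0
            and cached_at is not None
            and now_min - cached_at < self.session_timeout_min
        )
        if resumable and self.fast_reconnect:
            # Trust rests on the cached TLS session; credentials are not checked.
            return True, False, session_id
        if not phase2_ok:
            return False, True, None
        # A session is cached only after phase two succeeds.
        new_id = next(self._ids)
        self._cache[new_id] = now_min
        return True, True, new_id


if __name__ == "__main__":
    srv = PeapServerModel(session_timeout_min=120, fast_reconnect=True)
    print("initial login      ", srv.authenticate(0))
    print("roam to another AP ", srv.authenticate(30, session_id=0))
    # Credentials that would now fail are never consulted inside the window.
    print("bad creds, resumed ", srv.authenticate(60, session_id=0, phase2_ok=False))
    print("client restarted   ", srv.authenticate(60, session_id=None))
    print("after timeout      ", srv.authenticate(121, session_id=0))
```

The third call is the one to note when choosing a timeout value: within the window the server accepts the cached session without running phase two, so the timeout bounds how long a changed or invalid credential can go unchecked.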