Cisco Secure Access Control Server (ACS) for Windows supports a fast reconnect feature. When the Protected EAP (PEAP) session resume feature is enabled, the fast reconnect feature causes Cisco Secure ACS for Windows to allow a PEAP session to resume without checking user credentials. When you enable this feature, it allows Cisco Secure ACS for Windows to trust a user based on the cached TLS session from the original PEAP authentication. Because Cisco Secure ACS for Windows only caches a TLS session when phase two of PEAP authentication succeeds, the existence of a cached TLS session is proof that the user has successfully authenticated within the number of minutes defined by the PEAP session timeout option.
The fast reconnect feature is particularly useful for wireless LANs, wherein a user can move the client computer so that a different wireless access point is in use. When Cisco Secure ACS for Windows resumes a PEAP session, the user re-authenticates without entering a password, provided that the session has not timed out. If the end-user client is restarted, the user must enter a password even if the session timeout interval has not ended.
Deselecting the Enable Fast Reconnect check box causes Cisco Secure ACS for Windows to always perform phase two of PEAP authentication, even when the PEAP session has not timed out.
Fast reconnection can occur only when Cisco Secure ACS for Windows allows the session to resume because the session has not timed out. If you disable the PEAP session resume feature by entering 0 (zero) in the PEAP session timeout (minutes) box, then selecting the Enable Fast Reconnect check box has no effect on PEAP authentication and phase two of PEAP authentication always occurs.
To enable the fast reconnect feature on Cisco Secure ACS for Windows, go to the System Configuration page, select Global Authentication Setup, and click Enable Fast Reconnect.
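The decision rules described above can be modelled in a few lines. This is an added illustration, not Cisco Secure ACS code: the class, method names, session-id format and the exact expiry boundary are assumptions made for the sketch, and times are plain minute counters.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class PeapResumeModel:
    """Toy model of the resume decision; all names here are hypothetical."""
    session_timeout_min: int   # "PEAP session timeout (minutes)"; 0 disables resume
    fast_reconnect: bool       # state of the "Enable Fast Reconnect" check box
    cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def authenticate(self, user: str, phase2_ok: bool, now_min: float,
                     offered_session: Optional[str] = None):
        """Return (result, phase_two_ran, session_id)."""
        if self._can_skip_phase_two(offered_session, user, now_min):
            # Trust rests on the cached TLS session; credentials are not checked.
            return ("accept", False, offered_session)
        if not phase2_ok:
            return ("reject", True, None)   # failed phase two is never cached
        sid = None
        if self.session_timeout_min > 0:
            sid = f"tls-{user}-{now_min}"   # constructed session id
            self.cache[sid] = (user, now_min)
        return ("accept", True, sid)

    def _can_skip_phase_two(self, sid, user, now_min) -> bool:
        if not self.fast_reconnect or self.session_timeout_min == 0 or sid is None:
            return False
        entry = self.cache.get(sid)
        if entry is None or entry[0] != user:
            return False
        if now_min - entry[1] >= self.session_timeout_min:  # boundary is an assumption
            del self.cache[sid]
            return False
        return True


if __name__ == "__main__":
    acs = PeapResumeModel(session_timeout_min=120, fast_reconnect=True)
    _, _, sid = acs.authenticate("alice", True, now_min=0)
    # Roaming to another access point 30 minutes later: no password needed.
    print(acs.authenticate("alice", False, now_min=30, offered_session=sid))
    # Restarted client has no TLS session to offer: phase two runs again.
    print(acs.authenticate("alice", True, now_min=40))
    # Cached session offered after the timeout: credentials are required.
    print(acs.authenticate("alice", False, now_min=121, offered_session=sid))
```

In this model the timeout value is also the longest period during which a client is accepted without its credentials being checked again.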