Add the ip address of the ASA on the ACS which is 192.168.1.4 and shared secret key which is CISCO123:
Creating a rule in Default Network Access policy
1.select an identity store (means define whether users are internal to ACS or in external database)
2. Authorization policy: (allowing permit or deny access)
Test with CLI:
You can use the test command on the command line in order to test your AAA setup. A test request is sent to the AAA server, and the result appears on the command line.
ciscoasa#test aaa-server authentication RADIUS host 192.168.1.2
username cisco password cisco123INFO: Attempting Authentication test to IP address <192.168.1.2>
(timeout: 12 seconds)
INFO: Authentication Successful
Run the following command to see the debugs:
#Debug aaa common 255
ACS 5.5 secondary registration - Registration failed due to Invalid Certificate
When you enable Trust Communication on your primary and secondary ACS instance, and you register the secondary instance with the primary, both the primary and secondary instance check the CA and server certificates of each other. After the certificates are verified: – If the certificates in both the primary and secondary ACS instances are valid certificates, the instances establish a secure tunnel between them and register the secondary instance to the primary.
I don't think it supports self-signed certificate however you can try installing the self-signed certificate of Primary in the secondary instance CA store and self signed certificate of secondary in the primary instance CA store.
Please post comments if there are any queries and rate if useful.
Hello All, I am facing issue in Cisco ISE for Wired Users and would like to get your help. Below are the details 1. We are using ISE version 2.7. 2. Two different series of Cisco Switches 2960x and 9200 3. No issue faced by users who a...
Hi ,I would like to ask about the VRF . I don't much knowledge in VRF. our DC router have 2 VRF to sperate remote user and our branch user. We apply ipsec profile on WAN interface which connected to branches router.But our branch router don't run VR...