Add the ip address of the ASA on the ACS which is 192.168.1.4 and shared secret key which is CISCO123:
Creating a rule in Default Network Access policy
1.select an identity store (means define whether users are internal to ACS or in external database)
2. Authorization policy: (allowing permit or deny access)
Test with CLI:
You can use the test command on the command line in order to test your AAA setup. A test request is sent to the AAA server, and the result appears on the command line.
ciscoasa#test aaa-server authentication RADIUS host 192.168.1.2
username cisco password cisco123INFO: Attempting Authentication test to IP address <192.168.1.2>
(timeout: 12 seconds)
INFO: Authentication Successful
Run the following command to see the debugs:
#Debug aaa common 255
ACS 5.5 secondary registration - Registration failed due to Invalid Certificate
When you enable Trust Communication on your primary and secondary ACS instance, and you register the secondary instance with the primary, both the primary and secondary instance check the CA and server certificates of each other. After the certificates are verified: – If the certificates in both the primary and secondary ACS instances are valid certificates, the instances establish a secure tunnel between them and register the secondary instance to the primary.
I don't think it supports self-signed certificate however you can try installing the self-signed certificate of Primary in the secondary instance CA store and self signed certificate of secondary in the primary instance CA store.
Please post comments if there are any queries and rate if useful.
Hi Guys, just want to double check with you. In FTD, I have 2 subnet and if I need to have intervlan for those 2 VLAN, do I still need to configure an identity NAT or any NAT?My target is doing intervlan routing between the 2 VLAN without any IP change.th...
Hi,I set up DVTI in EVE with 2 routers. HUB------SPOKE.Virtual-template is not showing up/down. Instead of up/up.Checked Phase1 and Phase2 parameters but not sure where I made a mistake.Attached diagram and configuration.Please take a look.
I tested using both Cisco ISE 2.4 (patch 9) and Cisco ISE 2.6 (patch 1). I have a user who successfully authenticated via RADIUS against ISE. Under ISE, Operations > Live Logs (and Live sessions), I see the user authenticated. After the accounting requ...