Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I urgently need help with an access problem on ACS with MSCHAP-V2 protocol. The client is connecting to our ASA in AnyConnect and RADIUS authentication is happening between our ACS and the client's Windows server. That client is pushing hard to swit...
We provide AnyConnect access to our customers; for a customer I must enable MSCHAPv2 authentication, and to do so I need to let this customer use a separate connection profile.The problem: our setup, which involves Cisco ACS for AAA, forces all of ou...
Where I work we are having some problems with sending bulk email from a single public IP address, as several emails are being blocked or delayed.Currently the server has a 1-to-1 NAT with a specific .73 IP address.The request I got is to distribute e...
We currently have a Cisco ASA through which we provide the AnyConnect service. Users are first authenticated through Cisco ACS and then through DUO.Currently when the user logs into AnyConnect, they get a window to enter username, password and second...
One of our customer's Cisco ASA firewall was found vulnerable to "Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH,D(HE)ater)" following a vulnerability scan.The CVE could either be CVE-2002-20001 or, most likely, CVE-2022-40735.The firmw...
I disabled MS-CHAP-V1 and CHAP on the tunnel-group but that didn't have any effect.The weird part is that when using MS-CHAP-V2, the ACS is not communicating at all with the RADIUS server.I also did a dump of packets when the ACS talks with the ASA, ...
I did look that document but I didn't find anything useful.I can try to disable CHAP and MS-CHAP-V1, enabled by default.I was comparing a successful (left) with a failed (right) authentication. I don't know if it's of any help.The messages in the ora...
I know, but the same password works very well when the user connects using PAP_ASCII. The issue here is just when using MSCHAP-V2. And this is not happening with 1 user, but with 2 users.Strangely, I see packets from the ACS to the Domain controller ...
