About MarcoLazzarotto

MarcoLazzarotto · 06-17-2024

I urgently need help with an access problem on ACS with MSCHAP-V2 protocol. The client is connecting to our ASA in AnyConnect and RADIUS authentication is happening between our ACS and the client's Windows server. That client is pushing hard to swit...

MarcoLazzarotto · 05-21-2024

We provide AnyConnect access to our customers; for a customer I must enable MSCHAPv2 authentication, and to do so I need to let this customer use a separate connection profile.The problem: our setup, which involves Cisco ACS for AAA, forces all of ou...

MarcoLazzarotto · 05-08-2024

Where I work we are having some problems with sending bulk email from a single public IP address, as several emails are being blocked or delayed.Currently the server has a 1-to-1 NAT with a specific .73 IP address.The request I got is to distribute e...

MarcoLazzarotto · 02-05-2024

We currently have a Cisco ASA through which we provide the AnyConnect service. Users are first authenticated through Cisco ACS and then through DUO.Currently when the user logs into AnyConnect, they get a window to enter username, password and second...

MarcoLazzarotto · 05-23-2023

One of our customer's Cisco ASA firewall was found vulnerable to "Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH,D(HE)ater)" following a vulnerability scan.The CVE could either be CVE-2002-20001 or, most likely, CVE-2022-40735.The firmw...

MarcoLazzarotto · 06-20-2024

I disabled MS-CHAP-V1 and CHAP on the tunnel-group but that didn't have any effect.The weird part is that when using MS-CHAP-V2, the ACS is not communicating at all with the RADIUS server.I also did a dump of packets when the ACS talks with the ASA, ...

MarcoLazzarotto · 06-17-2024

I did look that document but I didn't find anything useful.I can try to disable CHAP and MS-CHAP-V1, enabled by default.I was comparing a successful (left) with a failed (right) authentication. I don't know if it's of any help.The messages in the ora...

Re: Thank for you reply, and I · 06-17-2024

@xiaodong liao I'm pretty desperate because I have the same problem with AnyConnect client authentication. Have you found a solution?

MarcoLazzarotto · 06-17-2024

I know, but the same password works very well when the user connects using PAP_ASCII. The issue here is just when using MSCHAP-V2. And this is not happening with 1 user, but with 2 users.Strangely, I see packets from the ACS to the Domain controller ...

MarcoLazzarotto · 06-17-2024

Sorry, I'm reuploading it as file here.

Member Since	‎05-12-2021 06:22 AM
Date Last Visited	‎05-08-2024 11:16 PM
Posts	47
Total Helpful Votes Received	14

User Statistics

User Activity

Cisco ACS 5.6 - RADIUS with MSCHAP-V2 not working

Cisco ACS - RADIUS - Specify AnyConnect connection-profile

ASA 9.8.4 - Round Robin NAT for SMTP email send not working

AnyConnect DUO with ACS - LDAPS end-of-life - Migration help

Cisco ASA - SSH D(HE)ater remediation

Re: Cisco ACS 5.6 - RADIUS with MSCHAP-V2 not working

Re: Cisco ACS 5.6 - RADIUS with MSCHAP-V2 not working

Re: Thank for you reply, and I

Re: Cisco ACS 5.6 - RADIUS with MSCHAP-V2 not working

Re: Cisco ACS 5.6 - RADIUS with MSCHAP-V2 not working