Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi All,
We have NPS configured to authenticate access to our ASA and it doesn't not appear to be working properly. The logs for the NPS indication I was granted access, it reflects the policy I created in the log details but the ASA rejects the logi...
Hi All,
We've had an issue were recently we cannot connect to SSL VPN due to failed login attempts. We have 2 RADIUS servers we use, 1 for 2FA authentication (Duo-RADIUS) and 1 for management access (PNLRADIUS). I ran debugs while trying to log int...
Hi All,
I have a 3750 that has a few different DHCP pools setup on it, 1 of the pools is for a guest wireless vlan that seems to be giving us issues. Wifi is running on Meraki APs, the APs are configured as trunk with all vlans allowed. Our interna...
Hi all,I ran into a weird issue while making some network changes last night. We have a 3750x connected to a firewall on a flat network, devices on Vlan1 get an IP from the firewall and everything works fine. Last night I created a new vlan to conn...
Hi All, I'm trying to connected an 1831 AP to an eval version of vWLC 8.x (I've tried multiple) and keep getting this error:No more AP manager addresses remain..[*12/15/2020 16:02:01.8307] No more AP manager addresses remain..[*12/15/2020 16:02:01.83...
Here are the AAA settings from our ASA:
Colo-asa/pri/act# sh run | i aaaaaa-server PNLRADIUS protocol radiusaaa-server PNLRADIUS (inside) host 10.50.99.11aaa-server Duo-LDAP protocol ldapaaa-server Duo-LDAP (outside) host api-f4f9fba9.duosecurity.c...
Yes, that is correct.
Something else to add, we just the same RADIUS server for authentication to other Cisco devices such as a few switches and a WLC and RADIUS authentication works fine on those devices.
The ASA completely rejects the login. When you put the password in it just says "Access Denied" like it was a wrong password, but NPS logs show a valid login.
Thank you Paul.
I've Disabled IP routing on all switches except the main switch (as it's needed there), removed VRRP, everything related to 10.10.10, removed the IP helper for VLAN and removed the second vlan 999 DHCP pool.Meraki Portal is tagging ...
