11-02-2018 03:16 AM
Hi All,
Greetings,
We are using an already configured RADIUS server to integrate with the Remote Access Gateway - Firepower/ASA.
RADIUS is supposed to authenticate the user and assign the following attributes to the user:
IP address, Default Gateway and VLAN. Note: We can't change the RADIUS configuration as it is not under our control.
Different region users get different VLAN IDs and IPs from respective subnets.
Now the challenging part I need to understand is where in my setup I have to configure the Default Gateway which is assigned to the user. Is it my Internet router or the ASA?
11-02-2018 05:28 AM
It is configured on the ASA; here you configure the AnyConnect address pool and default gateway that gets assigned to the client.
11-04-2018 09:59 PM
Hello Sagarphadatare44,
I hope you are doing great,
You don't need to configure the default gateway for an IP pool.
Now if the RADIUS is assigning all those values, you will need to add the "aaa authentication.....// aaa authorization network....". The RADIUS is where all the config needs to be done, from the Group-policy name, which is value 25, to the IP pool assignment, which is 217. So when the user connects it would get all those values.
Take into account that FTD does not support local users, so using AD or RADIUS should do it.
Below is a sample debug of what it should look like:
Ready to process requests.
rad_recv: Access-Request packet from host 10.14.14.30:1645, id=4, length=98
User-Name = "Users"
User-Password = "XXXX"
Calling-Station-Id = "10.14.14.17"
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "10.14.14.30"
Service-Type = Dialout-Framed-User
NAS-IP-Address = 10.14.14.30
Now it is easier to have the pool locally configured in the ASA or FTD and have it assigned from there to the users.
Keep us posted,
Please qualify all of the helpful answers!
David Castro,