ASA bug handling RADIUS protocol

richardl11
Level 1

I posted this some time ago but never got a response.

Capturing logs, with debug aaa authentication, radius decode, crypto ipsec 255, and crypto ikev1 255.

Multiple Reply-Messages are allowed for in the Access-Challenge:

The Attributes field MAY have one or more Reply-Message Attribute

Also, for Reply-Message:

Multiple Reply-Message's MAY be included and if any are displayed, they MUST be displayed in the same order as they appear in the packet.

Looking at the logs above, at line 622 you can see the RADIUS Access-Challenge with TWO Reply-Messages. Then on line 659 you can see the IKEv1 raw dump containing only one of the Reply-Messages. Is this a limitation of IKE, a misconfiguration of how the Access-Challenge is set up, a misconfiguration of how the ASA is set up, or a bug in ASA?
