08-13-2014 01:40 PM
Hi,
I'm working on getting SSL VPN users authenticated via RADIUS. Whenever a user authenticates I get the following attributes passed from the ASA:
User-Name = "user"
User-Password = "***"
NAS-Port = 266403840
Calling-Station-Id = "1.1.1.1"
NAS-Port-Type = Virtual
NAS-IP-Address = 2.2.2.2
cisco-avpair = "ip:source-ip=1.1.1.1<30><149>"
Pretty standard stuff, but from the documentation ASAs support many more attributes. Why aren't these being passed in the authentication request? Is there something I need to do to enable these? Basically I have different tunnel groups with overlapping usernames, and the ASA isn't providing me any info on what group or URL the user landed on, so I don't know how to authenticate these users. Realms aren't an option for me.
08-13-2014 02:19 PM
Is that really all that is sent? The RADIUS-request should include the tunnel-group-name like the following which is from a "debug radius" on an ASA 8.4(5):
Radius: Type = 146 (0x92) Tunnel-Group-Name
Radius: Length = 8 (0x08)
Radius: Value (String) =
56 50 4e 2d 44 45 | VPN-DE
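Added example, not part of the thread or of any Cisco code: a Python sketch of how a RADIUS server could pull the Tunnel-Group-Name shown in the debug output out of a request's attribute block and key the user lookup on (tunnel group, username), with a fallback when the attribute is absent. The vendor ID 3076 is not stated in the thread, and the helper names and sample bytes are constructed for illustration.

```python
import struct

USER_NAME = 1                 # standard RADIUS User-Name attribute
VENDOR_SPECIFIC = 26          # RADIUS attribute type that carries VSAs (RFC 2865)
CISCO_VPN3000_VENDOR = 3076   # vendor ID for the ASA's VSAs (not stated in the thread)
TUNNEL_GROUP_NAME = 146       # vendor type shown in the "debug radius" output


def iter_tlvs(buf):
    """Yield (type, value) pairs; the length byte counts the 2-byte header."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen


def lookup_key(attrs):
    """Return (tunnel_group, username); tunnel_group is None if the NAS sent none."""
    user, group = None, None
    for atype, value in iter_tlvs(attrs):
        if atype == USER_NAME:
            user = value.decode("utf-8", "replace")
        elif atype == VENDOR_SPECIFIC and len(value) >= 4:
            (vendor,) = struct.unpack("!I", value[:4])
            if vendor != CISCO_VPN3000_VENDOR:
                continue  # some other vendor's VSA
            for vtype, vvalue in iter_tlvs(value[4:]):
                if vtype == TUNNEL_GROUP_NAME:
                    group = vvalue.decode("utf-8", "replace")
    return group, user


def tlv(t, v):
    """Encode one type/length/value entry (helper for the constructed samples)."""
    return bytes([t, len(v) + 2]) + v


# Constructed sample attribute blocks (not captured traffic).
GROUP_VSA = tlv(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VPN3000_VENDOR)
                + tlv(TUNNEL_GROUP_NAME, bytes.fromhex("56504e2d4445")))
WITH_GROUP = tlv(USER_NAME, b"user") + GROUP_VSA
WITHOUT_GROUP = tlv(USER_NAME, b"user")  # request with no Tunnel-Group-Name

if __name__ == "__main__":
    print(lookup_key(WITH_GROUP))
    print(lookup_key(WITHOUT_GROUP))
```

A server keyed this way should reject or route to a default policy when the group comes back as `None`, rather than matching on username alone.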
08-14-2014 06:04 AM
Yeah, that's all I get. Are you seeing that in an authentication request or an authorization?
I'm running 8.0(3)12, maybe that's the problem?
08-14-2014 06:08 AM
OK, so it looks like those attributes were added in 8.4(3), from the release notes:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html
08-14-2014 06:35 AM
> I'm running 8.0(3)12, maybe that's the problem?
OK, I didn't expect such an old version ...
Version 8.0 is already "End of Software Maintenance".
If you are planning the migration to 8.4, keep in mind that the memory requirements are higher than for older releases.