Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
0
Replies

BUG in asa9.12.4.37 and asa9.12.4.35?

Simon.W
Level 1
Level 1

‎12-12-2021 04:58 AM - edited ‎12-12-2021 05:01 AM

Hello!

The setup is an ASA for AnyConnect with Microsoft NPS(RADIUS), the NPS is for authenticate users, applies a NPS Policy.

Then the ASA apply correct GroupPolicy for a user.The ASA check with NPS if the user is a AD-group that are allow to use VPN, depending on the AD-group different NPS-policy are applied. NPS-policy's has different RADIUS class 25 values, the values are GroupPolicy's on the ASA. The NPS respond to ASA so right ASA GroupPolicy applied on the user, the GroupPolicy on the ASA then map users to different DHCP-pools. 

But after upgrade from ASA 9.12.4.30 to later version 9.12.4.xx, the ASA doesn't seems to read the RADIUS Class 25 value correct. User doesn't get the right GroupPolicy, users just gets default GroupPolicy for ConnectionProfile. 

Has someone else encountered this problem after upgrade from ASA 9.12.4.30?

 

Setup:
ASA5512-X with asa9.12.4.35 or asa9.12.4.37

AnyConnect 4.10.04065

Windows Server 2012 R2

3 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents