07-25-2008 07:59 AM - edited 02-21-2020 03:51 PM
Hi,
I am using a Cisco ASA 5520, Cisco VPN Clients can authenticate using RADIUS but Clientless SSL users can't. I am using the ASDM where do I need to check?
I can also use the CLI if needed.
Thanks
07-25-2008 09:53 AM
Andy,
Are you using ACS for Radius or MS IAS? if using ACS see this link to double check your Webvpn tunnel config.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c18ff.shtml
In link above you can test RADIUS from withing ASDM for the Webvpn tunnel profile, try testing it from asa asdm.
Last but not least, look at the firewall logs, if your config seems correct you may need to debug, see link for more details, if no joy post output of debug.
ciscoasa#debug radius
Rgds
Jorge
07-25-2008 10:08 AM
Hi,
I'm using MS IAS, and it's working well for my Cisco Client VPN's on the same ASA and at one point I managed to lock my Windows Active Directory account out, so it must of contacted the IAS server at some point.
I've only turned on Clientless SSL VPN today, I've never used it before, but the strange thing is I can login using my SSH/ASDM username and password (local). Does this help, not sure which area to look on the ASDM or CLI?
Thanks for your time.
08-29-2008 10:09 AM
Hi,
Have you done this yet?
Once you have configured the AAA server group and server, navigate to Configuration/Remote Access VPN/Clientless SSL VPN Access/ Connection Profiles in order to configure WebVPN to use the new AAA configuration.
Choose the profile for which you want to configure AAA, and click Edit.
Under Authentication choose the RADIUS server group that you created earlier. Click OK when finished.
Testing
Verify your RADIUS configuration with the Test button on the AAA Server Groups configuration screen. Once you supply a username and password, this button allows you to send a test authentication request to the ACS server.
Choose Configuration/Remote Access VPN/AAA Setup/AAA Server Groups.
Select your desired AAA Server group in the top pane.
Select the AAA server that you want to test in the lower pane.
Click the Test button to the right of the lower pane.
In the window that appears, click the Authentication radio button, and supply the credentials with which you want to test. Click OK when finished
HTH
Craig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide