Re: Problem with radius authentication between ASA5510 and radiu

markgdawkins · ‎06-21-2012

I am able to authenticate against this specific radius server from several other radius clients . However when I try to authenticate using the ASA5510 I get this message:

ERROR: Authentication Error: Invalid response received from server

When I ran a debug I got this message.

RADIUS packet decode (response)

--------------------------------------
Raw packet data (length = 27).....
02 dc 00 1b 72 06 13 3d 17 ab 45 1f 77 6f 22 38 | ....r..=..E.wo"8
e4 29 f7 d3 1b 07 38 36 34 30 30 | .)....86400

Parsed packet data.....
Radius: Code = 2 (0x02)
Radius: Identifier = 220 (0xDC)
Radius: Length = 27 (0x001B)
Radius: Vector: 7206133D17AB451F776F2238E429F7D3
Radius: Type = 27 (0x1B) Session-Timeout
Radius: Length = 7 (0x07)
Radius: Value (Hex) = 0x38363430
rad_procpkt: ACCEPT
RADIUS_DELETE
remove_req 0xad07a31c session 0x498 id 220
free_rip 0xad07a31c
radius: send queue empty

Can anyone help is there something I am missing on my asa configuration ?

Richard Burts · ‎06-21-2012

It appears that there was a timeout waiting for a response from the Radius server. My first suggestion would be to check the Radius server and verify that it has a correct configuration for your ASA as a client.

HTH

Rick

Sent from Cisco Technical Support iPhone App

HTH

Rick

jkl1972 · ‎06-23-2012

I would try extending your timeout value under the radius configuration on the ASA.

Jason

Problem with radius authentication between ASA5510 and radius server