
Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

  • 1.  Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

    Posted Nov 17, 2015 12:09 PM

    Good morning everyone,

    I've been trying to work through some issues with using ClearPass as a RADIUS server for our Cisco AnyConnect login. I initially noticed an issue when the AnyConnect client seemed to freeze after the login attempt (pauses for 15-20 seconds) before establishing the remote VPN.

    What I see on the ClearPass side is 3 authentication attempts (with the correct username and password typed once): the first is a failed attempt, the second is a successful one, and the last is a failed attempt.

    The user is allowed access after the 3rd (failed) attempt. I attached the service snapshot, the access tracker snapshot, and the access attempt details.



  • 2.  RE: Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

    Posted Dec 26, 2015 06:06 AM

    Always tricky to troubleshoot with limited information, but I see two things that could use investigation.

    1) The failed attempt says AD timeout (or something like that). So it might be that your AD environment is very busy or sometimes unreachable from the CPPM, there is high latency, or perhaps it is rate limiting the amount of requests from the CPPM. I would focus on that if all failed attempts are with that timeout.

    2) You seem to have included about all auth methods. Can't imagine this causing an issue, but I would trim it down to what you need. That appeared to be PAP, but double check that.