Security

Reply
New Contributor
Posts: 1
Registered: ‎06-09-2015

Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

Good Morning Everyone, 

          I've been trying to work through some issues with using Clearpass as a Radius Server for our Cisco Anyconnect login.  I initially noticed an issue when the anyconnect client seems to freeze after the login attempt (pauses for 15-20 seconds) before establishing the remote vpn.  

 

What I see on the clearpass side is 3 authentication attempts (with the correct username and password typed once),  first is a failed attempt the second is a successful one and then the last is a failed attempt.

 

The user is allowed access after the 3rd - failed attempt.  I attached the service snapshot, the access tracker snapshot, and the access attempt details.

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

always tricky to troubleshoot with limited information but i see two things that could use investigation.

 

1) the failed attempt says AD timeout (or something like that). so it might be your AD environment is very busy or sometimes unreachable from the CPPM, there is high latency, or perhaps it is rate limiting the ammount of requests from the CPPM. i would focus on that if all failed attempts are with that timeout.

 

2) you seem to have included about all auth methods. cant imagine this causing an issue but i would trim it down to what you need. that appeared to be PAP, but double check that.

Search Airheads
Showing results for 
Search instead for 
Did you mean: