Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

nickz23 · ‎06-09-2015

Good Morning Everyone,

I've been trying to work through some issues with using Clearpass as a Radius Server for our Cisco Anyconnect login. I initially noticed an issue when the anyconnect client seems to freeze after the login attempt (pauses for 15-20 seconds) before establishing the remote vpn.

What I see on the clearpass side is 3 authentication attempts (with the correct username and password typed once), first is a failed attempt the second is a successful one and then the last is a failed attempt.

The user is allowed access after the 3rd - failed attempt. I attached the service snapshot, the access tracker snapshot, and the access attempt details.

boneyard · ‎11-30-2011

always tricky to troubleshoot with limited information but i see two things that could use investigation.

1) the failed attempt says AD timeout (or something like that). so it might be your AD environment is very busy or sometimes unreachable from the CPPM, there is high latency, or perhaps it is rate limiting the ammount of requests from the CPPM. i would focus on that if all failed attempts are with that timeout.

2) you seem to have included about all auth methods. cant imagine this causing an issue but i would trim it down to what you need. that appeared to be PAP, but double check that.

Innovate at the speed of mobile and IoT.

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

Ideas Exchange.

Security

Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

Re: Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

Amigopod Operator Login assignment using VSAs?

Clearpass evaluation

Bonjour (AirPlay) by device location with CP

Backup CPPM

Can't see IOS Onboard device

Amigopod Operator Login assignment using VSAs?

Re: Server Rules and logical expressions

Re: Using Clearpass with EOL hardware.

Re: Restricting who can onboard a device in ClearPass

Re: ClearPass Policy Manager 5.0.1.38855 upgrade to 5.1.1

Deploying BYOD: Onboarding, Provisioning, Policy, Reporting

WLAN Security Fundamentals

[AirheadsConf LV 2013 Breakout] Networks - Mobility Access Switch Security Architecture

[VIDEO] Captive Portal Authentication with Aruba Instant and ClearPass

[VIDEO] 802.1X Authentication with Aruba Instant and ClearPass

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Remote AP Networks

Aruba Remote Access Point (RAP) Networks Validated Reference Design

Apple Captive Network Assistant Bypass with ClearPass Guest

Lync Over Aruba WiFi

AOS and CPPM – Dot1x Authentication and integration

Security

Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

Re: Clearpass Radius AAA setup with Cisco ASA attempts authentication 3 times per login attempt.

Follow Us