
CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN

  • 1.  CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN

    Posted Apr 18, 2020 05:46 PM

    Hello,

    I am trying to use CPPM to authenticate VPN connections from our Cisco ASA via the AnyConnect client on users' laptops.

    Would someone mind looking at my config? I have the request hitting the correct service, but I only get a 206 authentication error.



  • 2.  RE: CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN

    MVP
    Posted Apr 19, 2020 03:37 AM

    I previously had an integration with Cisco ASA for AnyConnect and OnGuard posture health check.

    I had an OU group in Active Directory for VPN.

    This is what I configured, and it works:

    1. The Service Overview

    IMG-1.jpg

    Role.

    IMG_2.jpg

    Enforcement.

    IMG_3.jpg

     

    You can test it directly from ASA using CLI with the following command:

    test aaa-server authentication <SERVER-Name> host <IPAddress of the Server> username <username> password <Password>

    Also, enable debugging on the ASA firewall to check whether CoA is working.

    Also, try changing the Type of Service from "RADIUS Enforcement (Generic)" to "Cisco Web Authentication Proxy".
    For Rules, apply:

    Type: RADIUS:Cisco-ASA 

    Name: ASA-TunnelGroupName

    Operator: CONTAINS
    Value: ANYCONNECT