CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN
04-18-2020 02:46 PM
I am trying to use CPPM to authenticate VPN connections from our Cisco ASA via the Anyconnect client on user's laptops.
Would someone mind looking at my config as I have the request hitting the correct service but I only get an 206 authentication error.
Re: CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN
04-19-2020 12:36 AM - edited 04-19-2020 12:40 AM
I had an integration previously with Cisco ASA for Anconnect and OnGuard posture health check.
I had a OU Group in Active Directory for VPN.
This is what i configured and it works:
1. The Service Overview
You can test it directly from ASA using CLI with the following command:
test aaa-server authentication <SERVER-Name> host <IPAddress of the Server> username <username> password <Password>
Also, enable the debug in ASA firewall to check if CoA is working.
Also, try Changing the Type of Service "RADIUS Enforcement (Generic)" to "Cisco Web Authentication Proxy".
For Rules, Apply: