Occasional Contributor II

CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN

Hello,

I am trying to use CPPM to authenticate VPN connections from our Cisco ASA via the AnyConnect client on users' laptops.

 

Would someone mind looking at my config? I have the request hitting the correct service, but I only get a 206 authentication error.

Frequent Contributor I

Re: CREATE A CPPM SERVICE FOR RADIUS AUTH FROM CISCO ASA VPN

I had an integration previously with Cisco ASA for AnyConnect and OnGuard posture health check.

I had an OU group in Active Directory for VPN.

 

This is what I configured and it works:

1. The Service Overview

IMG-1.jpg

Role.

IMG_2.jpg

Enforcement.

IMG_3.jpg

 

You can test it directly from the ASA using the CLI with the following command:

test aaa-server authentication <SERVER-Name> host <IPAddress of the Server> username <username> password <Password>

Also, enable debug on the ASA firewall to check if CoA is working.

 

 

Also, try changing the Type of Service "RADIUS Enforcement (Generic)" to "Cisco Web Authentication Proxy".

For Rules, apply:

Type: RADIUS:Cisco-ASA

Name: ASA-TunnelGroupName

Operator: CONTAINS

Value: ANYCONNECT

 

 
