Lab Minutes Forum

Technical Discussion => Security => Topic started by: cisco on August 22, 2013, 10:15:00 AM

Title: ISE Radius Not Responding to ASA
Post by: cisco on August 22, 2013, 10:15:00 AM

Has anyone run into this issue?

The ASA is pointing to ISE for Radius (for AnyConnect users).

It was working but stopped. When I pulled the logs, saw the following Radius error.

11007 Could not locate Network Device or AAA Client

Turns out the ASA is sending the request via its inside IP, but putting it's outside public IP in the Call-Station-ID attribute.

Any ideas? I'm digging through ASA on how to set that.

Title: Re: ISE Radius Not Responding to ASA
Post by: MC on August 23, 2013, 12:14:42 AM

Hmm.. ISE shouldn't use Call-Station-ID to match the Network Device though. It should use the RADIUS Request source IP so as long as you configure the ASA to source RADIUS from a correct interface, that should be fine.

Title: Re: ISE Radius Not Responding to ASA
Post by: adecisco on October 29, 2013, 12:26:35 AM

Hello Administrator/MC,

I think it time to start filtering some post as some guys just think they can occupy space for no reason. Restriction and rules should be in place to keep the sanity of this forum.

Thanks.

Title: Re: ISE Radius Not Responding to ASA
Post by: MC on October 29, 2013, 12:29:44 AM

Yes.. It seems we have been getting a lot of spams lately. Will see what we can do. Thanks for this.