I have a couple of questions relating to OWA / Radius authentication through an ASA, these are:1) I want to use AAA Authentication to restrict access for public users inbound to the OWA Server.
My plan is to allow access via the 'aaa authentication match acl' command. Not having done this before I assume that I need to enable port 443 (HTTPS) and port 80 (WWW) - the latter being a concern - is the general consensus to only allow port 443 if possible and avoid port 80 - all suggestions welcome.2) I cannot hit my radius server.
I can ping the Radius box from the ASA device, however, when using the Test button under the AAA Server Groups in ASDM I keep getting a failure stating:
'Authentication test to host 10.0.0.1 failed. Following error occurred - Error: Authentication Server not responding: unknown'
When I debug the radius it show the attempts and a matching number of failures - but I am stumped to what else it could be. The AAA Server name, secret password, secret etc have been configured - whilst I don't have access to the radius box I am assured my test account is correct.
aaa-server AuthInbound protocol radius aaa-server AuthInbound host 10.0.0.1 key blahblah authentication-port 1812 accounting-port 1813
NB I have changed this to 1645 and 1646 to no avail.
Server Group: AuthInbound Server Protocol: radius Server Address: 10.0.0.1 Server port: 1812(authentication), 1813(accounting) Server status: ACTIVE, Last transaction at 20:16:43 GMT/BST Thu Nov 9 2006 Number of pending requests 0 Average round trip time 0ms Number of authentication requests 16 Number of authorization requests 0 Number of accounting requests 0 Number of retransmissions 0 Number of accepts 0 Number of rejects 0 Number of challenges 0 Number of malformed responses 0 Number of bad authenticators 16 Number of timeouts 16 Number of unrecognized responses 0