近日对ciscovpn认证服务器进行迁移发现ASA5520配置raidus后会有一定延时(启动时间)才能进行验证。
配置命令后,使用 test aaa-server authentication remote_vpn_auth username命令验证用户/密码通过,但cisco客户端无法完成认证。3分钟后发现server状态启用,正常拨入。
第一次show发现server状态为error,再一次show发现正常启用了。
ciscoasa# show aaa-server
Server Group: LOCAL
Server Protocol: Local database
Server Address: None
Server port: None
Server status: ACTIVE, Last transaction at 13:39:02 UTC Fri Aug 17 2012
Number of pending requests 0
Average round trip time 0ms
Number of authentication requests 214
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 22
Number of rejects 192
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 0
Number of timeouts 0
Number of unrecognized responses 0
Server Group: remote_vpn_auth
Server Protocol: radius
Server Address: 172.17.4.105
Server port: 1645(authentication), 1646(accounting)
Server status: FAILED, Server disabled at 13:30:08 UTC Fri Aug 17 2012Number of pending requests 0
Average round trip time 70ms
Number of authentication requests 5
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 2
Number of rejects 0
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 0
Number of timeouts 3
Number of unrecognized responses 0
ciscoasa# show aaa-server
Server Group: LOCAL
Server Protocol: Local database
Server Address: None
Server port: None
Server status: ACTIVE, Last transaction at 13:39:03 UTC Fri Aug 17 2012
Number of pending requests 0
Average round trip time 0ms
Number of authentication requests 214
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 22
Number of rejects 192
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 0
Number of timeouts 0
Number of unrecognized responses 0
Server Group: remote_vpn_auth
Server Protocol: radius
Server Address: 172.17.4.105
Server port: 1645(authentication), 1646(accounting)
Server status: ACTIVE, Last transaction at 13:39:31 UTC Fri Aug 17 2012
Number of pending requests 0
Average round trip time 70ms
Number of authentication requests 5
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 2
Number of rejects 0
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 0
Number of timeouts 3
Number of unrecognized responses 0
关于ASA5520的radius认证remote vpn用户配置延时
猜你喜欢
转载自cash.iteye.com/blog/1635001
今日推荐
周排行