Guest

Preview Tool

Cisco Bug: CSCua86676 - aaa-radius: ASA sending duplicate Radius access request

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(0.2) 8.2(2)

Description (partial)

Symptom:
ASA sends a stored State attribute in the Access-Request for a dACL, which is a violation of the radius protocol.

ACS may complain of a "duplicate radius request" or "invalid attribute"

Conditions:

* VPN authentication against RADIUS ACS 5.2 patch 9 (ACS started denying authentication attempts with the State attribute in this release)
* Authentication involved an Access-Challenge, such as when ACS is integrated with an Entrust IdentityGuard OTP server using RADIUS, or with RSA SecurID with token in 'new pin' or 'next tokencode' mode
* Dynamic ACLs enabled for this user
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.