Cisco ASA VPN configuration for the LastPass Universal Proxy RADIUS protocol

    Before you begin:
    Set your local user profile to have the proper privilege level for your Cisco ASA system:
    • In the Remote Access VPN > AAA/Local Users > Local Users menu, Privilege Level field, select 15.
      Note: You must set your privilege level to 15 in order to have unrestricted administrator access to your ASDM/CLI management surface.
    About this task:
    Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service.

      Create a RADIUS server group per AAA:

      1. Open the Cisco AnyConnect Configuration Wizard.
      2. In the left navigation, go to Remote Access VPN > AAA/Local Users > AAA Server Groups to add an AAA server group to your AnyConnect connection profile.
      3. Click Add in the AAA Server Groups area.

        Result: The Add AAA Server Group dialog box appears.

      4. In the AAA Server Group field, enter a name.
      5. In the Protocol field, select RADIUS.
      6. Set the following parameters:
        • Accounting Mode: Single
        • Reactivation Mode: Depletion
        • Dead Time: 10 minutes
        • Max Failed Attempts: 1
      7. Click OK.

        Result: The Add AAA Server Group dialog box closes, and the new server group is added to the AAA Server Groups table.

      8. Click Apply.

      Add the RADIUS server to a server group:

      1. In the AAA Server Groups area, click the server group to which you want to add a server.
      2. In the Servers in the Selected Group area, click Add.

        Result: The Add AAA Server dialog box appears for the server group.

      3. Set the following parameters:
        • Interface Name: Choose the interface name on which the authentication server resides.
        • Server Name or IP Address: Add either a server name or IP address for the server that you are adding to the group.
        • Timeout: 60
        • Server Authentication Port: 1812
        • Server Accounting Port: 1813
        • Server Secret Key: Enter the password which is set on your RADIUS server for this NAS.
        • Common Password: Leave blank.
        • Microsoft CHAPv2 Capable: Uncheck the checkbox.
      4. Click OK.
      5. Click Apply.

        Result: The Add AAA Server dialog box closes, and the AAA server is added to the AAA server group.

      Test the RADIUS server authentication:

      1. In the Servers in the Selected Group area, select the server you want to test.
      2. Click Test.

        Result: The Test AAA Server dialog box appears for the selected server.

      3. Choose the Authentication radio button.
      4. In the Username field, enter your username.
      5. In the Password field, enter your password.
      6. Click OK.

        Result: The Adaptive Security Appliance (ASA) sends an authentication test message to the server. An Information dialog box appears, showing if the test failed or was successful.
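
The three procedures above, expressed as the equivalent ASA CLI configuration. This is an added example, not part of the original LastPass instructions. The group name LP-UNIVERSAL-PROXY, the interface name inside, the address 192.0.2.10 and the values in angle brackets are placeholders chosen for illustration.

```cisco
! Constructed example: group name, interface and address are placeholders.
!
! AAA server group, entered in global configuration mode
! (Accounting Mode, Reactivation Mode, Dead Time, Max Failed Attempts)
aaa-server LP-UNIVERSAL-PROXY protocol radius
 accounting-mode single
 reactivation-mode depletion deadtime 10
 max-failed-attempts 1
!
! Server entry in that group
! (Interface Name, Server Name or IP Address, Timeout, ports, Server Secret Key)
aaa-server LP-UNIVERSAL-PROXY (inside) host 192.0.2.10
 timeout 60
 authentication-port 1812
 accounting-port 1813
 key <secret-set-on-the-RADIUS-server-for-this-NAS>
 no mschapv2-capable
!
! No radius-common-pw line is entered: Common Password stays blank.
!
! Review what was applied, then run the equivalent of the Test button
! (both commands are entered in privileged EXEC mode)
show running-config aaa-server LP-UNIVERSAL-PROXY
test aaa-server authentication LP-UNIVERSAL-PROXY host 192.0.2.10 username <username> password <password>
```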