VPN – Cisco ASA
In this topic, you will learn how to configure Cisco ASA to work together with Portnox™ Cloud and 802.1X RADIUS authentication for VPN connections.
Important: This guide provides general instructions for integrating Portnox Cloud with specific
third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across
manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every
scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to
Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation
and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed
configuration of third-party devices is typically best handled by the manufacturer.
Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It
may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation
for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the
manufacturers update their firmware or release new models.
- Create a RADIUS server group by navigating to and clicking on Add.
- In the Add AAA Server Group window that appears:
  - Specify a name for the AAA Server Group.
  - In Protocol, select RADIUS.
  - Enter a Realm-id.
- Select the AAA server group you created, and in the Servers in the Selected Group section, click on Add.
- In the Edit AAA Server window that appears:
  - Enter the cloud RADIUS details: the IP address, the authentication port, the accounting port, and the shared secret.
  - Update the Timeout to 30 seconds.
  - Verify that the Microsoft CHAPv2 Capable checkbox is checked.
  - Click on OK.
- Navigate to , and in the Connection Profiles section, click on Add.
- In the Edit AnyConnect Connection Profile window that appears:
  - Go to the Basic tab.
  - Specify a Name for the connection profile.
  - Specify Aliases for the connection profile.
  - Select the AAA server group that was created earlier.
  - Select Client Address Pools.
  - Check the Enable SSL VPN client protocol checkbox.
  - Specify DNS servers.
  - Specify Domain Name.
  - Go to the Advanced tab.
  - Check the Enable password management checkbox.
  - Click on Apply.
- Verify that:
  - In the Access Interfaces section, the Enable Cisco AnyConnect VPN Client access on the interface selected in the table below checkbox is checked.
  - In the Login Page Settings section, the Allow user to select connection profile on the login page checkbox is checked.
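One way to check the result of these steps from a saved running configuration, as an added example that is not part of the original guide and is not Portnox or Cisco code. It assumes the ASDM settings appear under the ASA CLI keywords used in the constructed sample (`timeout`, `no mschapv2-capable`, `authentication-server-group`, `password-management`); the group name `PORTNOX`, the profile name `CORP-VPN` and the addresses are placeholders.

```python
import re

# Constructed sample in the style of ASA running-config; second host is misconfigured.
SAMPLE_CONFIG = """\
aaa-server PORTNOX protocol radius
aaa-server PORTNOX (outside) host 192.0.2.10
 timeout 30
 key *****
aaa-server PORTNOX (outside) host 192.0.2.11
 key *****
 no mschapv2-capable
tunnel-group CORP-VPN general-attributes
 authentication-server-group PORTNOX
"""

def parse_blocks(config):
    """Map each unindented command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.split())
        elif line.strip():
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit(config, group, profile, want_timeout=30):
    """Return findings for the settings the steps above call for."""
    blocks, findings = parse_blocks(config), []
    if f"aaa-server {group} protocol radius" not in blocks:
        findings.append(f"{group}: not a RADIUS server group")
    host_re = re.compile(rf"aaa-server {re.escape(group)} \(\S+\) host (\S+)$")
    for header, sub in blocks.items():
        match = host_re.match(header)
        if not match:
            continue
        if ["timeout", str(want_timeout)] not in sub:
            findings.append(f"{match.group(1)}: timeout is not {want_timeout} seconds")
        if ["no", "mschapv2-capable"] in sub:
            findings.append(f"{match.group(1)}: Microsoft CHAPv2 Capable is off")
    general = blocks.get(f"tunnel-group {profile} general-attributes", [])
    if not any(s[:2] == ["authentication-server-group", group] for s in general):
        findings.append(f"{profile}: does not use server group {group}")
    if not any(s[:1] == ["password-management"] for s in general):
        findings.append(f"{profile}: password management is not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, "PORTNOX", "CORP-VPN")))
```

An empty list from `audit` means every checked setting matches the steps; the sample reports three findings, two for the second server and one for the connection profile.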