Hello all,
We have a Cisco ASA 5510 on 8.0[3]. we are integrating this with second factor vendor to provide extra security for our users via RADIUS
In our lab setup, we are seeing strange behaviour.
1) ASA sends access-request radius packet to the 2FA server
2) 2FA server sends back an access-challenge packet back to the ASA
We were expecting the ASA to display the message to the user to enter the challenge, instead it just comes back with
ERROR: Authentication Challenged: No error
Similar result if we are using the test radius as well. It seems like the ASA 5510 is not processing the access-challenge packet and treating it as reject?
I looked around but could not seem to find any setting that disable access-challenge….
any one seen this before?