Interim update in the radius ASA

Hi
i config radius in the ASA and also i set interim update for sending start stop updates toward radius client . i got a debug command on the asa   but i didn't see any update in the output file.
thanks
dynamic-access-policy-record DfltAccessPolicy
aaa-server ut_AAA protocol radius
 accounting-mode simultaneous
 interim-accounting-update periodic 1
aaa-server ut_AAA (Outside) host 192.168.112.29
 key *****
 authentication-port 1812
 accounting-port 1813
 radius-common-pw *****
 no mschapv2-capable

This problem was solved by upgrading the 5545-X from version 8.6(1)2 to version 9.1.2;
nothing else changed

Similar Messages

  • Missing AVP 29 VSA 23 in the Radius Access-Request sent by ASA 5545-X 8.6

    Hello,
    we are migrating from ASA 5520 Version 8.4(3) to ASA 5545-X Version 8.6(1)2 with the same configuration ;
    we are stuck with a Radius authentication problem related to an ASA clientless ASA access ;
    when we compare the Radius dialog between each ASA (the old one and the new one) and the same Radius ACS 5.3 server, we can see that the only difference is there is a missing AVP 29 VSA 23 in the Radius Access-Request sent by the new ASA-5545-X compared to the good one sent   by the old ASA 5520;
    this AVP 29 VSA 23 carries the tunnel-group name as defined in the ASA configurtion ;
    5545-X ad 5520 configuration files have been double-checked and compared : no difference between both files
    any help would be appreciated to diagnose this problem
    thanks in advance

    This problem was solved by upgrading the 5545-X from version 8.6(1)2 to version 9.1.2;
    nothing else changed

  • Wrong accounting (AAA) interim update counter

    Hi,
    In our broadband ADSL service, we use 7206-NPE-G2 as Bras and standard radius as AAA server working together. In normal situaton both (Bras & AAA) work together properly and all AAA functions (Authentication, Authorization and Accounting) are fine. we have an symtom here and when it happens sometimes we will have wrong accounting interim update counter (I mean, Bras send a huge data traffic accouting for specific pppoe subscriber).
    here is the symptom:
    Primitive symptom: subscriber's pppoe connection drops before first accounting interim update (because of port error for example) in the other hand subscriber's pppoe connection stays connect less than 10 minutes (in this case intream updates has set on 10 minutes),
    Primary symptom (our issue): sometimes Bras send an accounting packet with a large number value to AAA radius server, but it is not correct because in less than 10 minutes subscriber does not able to operate such huge traffic. 
    this symptom happens just sometimes and it does not happen in all less than 10 minutes pppoe disconnections.
    Has anybody faced to this symptom? I would be thankful if somebody can help me to solve this issue.
    our IOS version is "c7200p-advipservicesk9-mz.122-33.SRD3.bin"
    Thank you,
    Mirtohid Naslpak

    Please use the below commands to check up with the interval.
    Router# show ssg service service-name
    Displays the information for an SSG service, including the accounting parameters and interval.
    Router# debug radius
    Troubleshoots communications between the RADIUS server and the network access server (NAS).
    Router# radius-server vsa send
    Sends vendor-specific attributes with authentication and accounting requests to the AAA server.

  • ISE continue to receiving authentication message after removed the radius host test configuration on a IOS router

    I have two issues but related and need help:    
    anyone know how to disable or stop a radius host test message send every seconds from a IOS router after the test statement removed and all radius server information removed from the configuration?   I have this odd testing for the new ISE server.  the purpose of testing is not for load balancing, but find out if IOS support different protocol using radius other than PAP if PPP is not used. after the test, I cannot stop it.  I have a case opened with Cisco, the answer is no way to stop it other than reboot the router. I tried to remove aaa new model and add it back, no help. I have put an access-list on the LAN interface deny the IP any to the radius host and port, no match found.
    On the ISE (version 1.1.1), due to the IOS router test cannot be stopped, the alive authentication page fills up all the authentication failure messages. anyone know how to block the host from ISE live authentication log (the router has been removed from the device page)? 
    below is part of messages from the IOS router (version 15.0.1M6) debug. where 10.2.2.144 is the ISE IP and totally removed from the config. there is no any radius or the ISE IP in the config.
    Aug 28 10:21:15.384: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
    Aug 28 10:21:15.384: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
    Aug 28 10:21:15.384: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:21:15.384: AAA/SG/TEST: DEAD state verification already in progress for server (10.2.2.144:1645,1646).
    Aug 28 10:21:15.384: AAA/SG/TEST: Server (10.2.2.144:1645,1646) assumed DEAD. Dead time updated to 60 secs(s).
    Aug 28 10:21:33.752: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:21:33.976: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:21:33.976: AAA/SG/TEST: Necessary responses NOT received from server (10.2.2.144:1645,1646).
    Aug 28 10:21:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) marked DEAD. Dead time set for 60 sec(s).
    Aug 28 10:21:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) removed from quarantine.
    Aug 28 10:22:33.976: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:22:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) quarantined.
    Aug 28 10:22:33.976: AAA/SG/TEST: Sending 1 Access-Requests, 1 Accounting-Requests in current batch.
    Aug 28 10:22:33.976: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
    Aug 28 10:22:33.976: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
    Aug 28 10:22:33.976: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:22:33.976: AAA/SG/TEST: DEAD state verification already in progress for server (10.2.2.144:1645,1646).
    Aug 28 10:22:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) assumed DEAD. Dead time updated to 60 secs(s).
    Aug 28 10:22:52.760: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:22:53.176: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:22:53.176: AAA/SG/TEST: Necessary responses NOT received from server (10.2.2.144:1645,1646).
    Aug 28 10:22:53.176: AAA/SG/TEST: Server (10.2.2.144:1645,1646) marked DEAD. Dead time set for 60 sec(s).
    Aug 28 10:22:53.176: AAA/SG/TEST: Server (10.2.2.144:1645,1646) removed from quarantine.
    Aug 28 10:21:15.384: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
    Aug 28 10:21:15.384: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
    Aug 28 10:21:15.384: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:21:15.384: AAA/SG/TEST: DEAD state verification already in progress for server (10.2.2.144:1645,1646).
    Aug 28 10:21:15.384: AAA/SG/TEST: Server (10.2.2.144:1645,1646) assumed DEAD. Dead time updated to 60 secs(s).
    Aug 28 10:21:33.752: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:21:33.976: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:21:33.976: AAA/SG/TEST: Necessary responses NOT received from server (10.2.2.144:1645,1646).
    Aug 28 10:21:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) marked DEAD. Dead time set for 60 sec(s).
    Aug 28 10:21:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) removed from quarantine.
    Aug 28 10:22:33.976: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:22:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) quarantined.
    Aug 28 10:22:33.976: AAA/SG/TEST: Sending 1 Access-Requests, 1 Accounting-Requests in current batch.
    Aug 28 10:22:33.976: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
    Aug 28 10:22:33.976: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
    Aug 28 10:22:33.976: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:22:33.976: AAA/SG/TEST: DEAD state verification already in progress for server (10.2.2.144:1645,1646).
    Aug 28 10:22:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) assumed DEAD. Dead time updated to 60 secs(s).
    Aug 28 10:22:52.760: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:22:53.176: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:22:53.176: AAA/SG/TEST: Necessary responses NOT received from server (10.2.2.144:1645,1646).
    Aug 28 10:22:53.176: AAA/SG/TEST: Server (10.2.2.144:1645,1646) marked DEAD. Dead time set for 60 sec(s).
    Aug 28 10:22:53.176: AAA/SG/TEST: Server (10.2.2.144:1645,1646) removed from quarantine.
    Thanks in advance,

    It seems reload is the only way to fix it. I don't think there is any way to stop or ignore messages for specific host in live authentication page of ISE. From security point of view it is required to logs all the authentication hits.
    Regards,
    ~JG
    Do rate helpful posts!

  • RADIUS, ASA, and Expired Passwords

    We have an ASA 5510 with RADIUS setup for authenticating users. The RADIUS server is a Win2003 server running IAS. Users are not getting notified of their domain passwords impending expiration and are not being given the option to change it.
    Per the documentation we have the Tunnel Group option "Enable notification upon password expiration..." and "Enable notification prior to expiration" set with the number of days equal to the domain setting of 14 days.
    Is this a bug, or am I missing something?
    ~rick

    Bah, forgot to mention that this is a VPN issue using Ciscos VPN Client version 5.0.00.0340.

  • MARS and the new ASA version 8.2

    Can MARS parse the NSEL (netflow) output from a version 8.2 ASA appliance?
    Should I send the output to MARS or wait for a MARS update?

    Check this link:
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html
    Cut and paste from article:
    Cisco NetFlow Secure Event Logging: This feature was originally introduced on the Cisco ASA 5580, and is now extended to other Cisco ASA models to provide administrators with more comprehensive event logging information.

  • Updating License & Signatures on ASA-SSM-10

    Hi,
    Does the same options are used to:
    updating IPS License and updating signatures on ASA-SSM-10?
    Actually i updated license file received from cisco licensing team:
    using IDM 6.0 > licensing option > update license > file location:
    and I was trying to update signatures using same options (as i dont find seprate options to update signatuers) but it gives error:
    Invalid license etc.,
    could anyone guide.
    Thank you.

    In the Update Sensor pane, you can immediately apply service pack and signature updates.
    Update Sensor Pane Field Definitions
    The following fields are found in the Update Sensor pane:
    •Update is located on a remote server and is accessible by the sensor—Lets you specify the following options:
    –URL—Identifies the type of server where the update is located. Specify whether to use FTP, HTTP, HTTPS, or SCP.
    –://—Identifies the path to the update on the remote server.
    –Username—Identifies the username corresponding to the user account on the remote server.
    –Password—Identifies the password for the user account on the remote server.
    •Update is located on this client—Lets you specify the following options:
    –Local File Path—Identifies the path to the update file on this local client.
    –Browse  Local—Opens the Browse dialog box for the file system on this local  client. From this dialog box, you can navigate to the update file.

  • Cisco IPS SSM 10 Sensor can't update signature file from ASA 5510

    Cisco ASA 5510 IPS Firewall with ASA-SSM-10 Module.  I am trying to do a manual update of the signature file and get the following error:
    Error: execUpgradeSoftware : couldn't connect to host
    I have confirmed that I can ping the ftp server successfully from the ASA and the command I am trying to use from the configure terminal of the module is:
    upgrade ftp://[email protected]//IPS-sig-S813-req-E4.pkg
    I have also tried via http and it does not work as well.  Any thoughts?

    to connect to ftp there should be username usually anonymous and password whitch can be any. check in ftp server
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: anonymous
    Password: *********
    the username and/or the password are incorrect
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: 123
    Password: ***
    File opening error
    I made special user 123 on ftp server with password 123
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: 123
    Password: ***
    aip_ssm_card# 
    and dont forget to rate post

  • I am trying to update Adobe Bridge and Photoshop CS6, because it is not opening my CR2 files taken by my Canon 6D.  I have tried to go to help updates, and the software says that it is "Up to Date".  However, if I view the plug-in, it says that Camera R

    I am trying to update Adobe Bridge and Photoshop CS6, because it is not opening my CR2 files taken by my Canon 6D.  I have tried to go to help > updates, and the software says that it is "Up to Date".  However, if I view the plug-in, it says that Camera Raw is only version 7.1.  I can not find a direct download for Camera Raw 7.3, only the DNG converter, NOT CAMERA RAW!  Please Help!

    Did you fix your issue?  I am having the same one

  • When I update my nano ipod I get an error message "User ipod cannot be updated.  The disk couldnot be read from or written to."   How can I overcome this error message.

    In the iTunes window, when I update my nano ipod, I get an error message "User ipod cannot be updated.  The disk could not be read from or written to."   How can I overcome this error message.

    Hello there dilip77707,
    It sounds like you are getting this error message that your iPod cannot be read from or written to when you are trying to update your iPod Nano. I recommend the troubleshooting from the following article to help you get that resolved. Its pretty straight forward, just start at the top and work your way down as needed:
     'Disk cannot be read from or written to' when syncing iPod or 'Firmware update failure' error when updating or restoring iPod
    Thank you for using Apple Support Communities.
    All the very best,
    Sterling

  • I've updated to the most recent version of iTunes and I can no longer see any of my old music on my mac.  All the music is still available on my ipad.  How can i download the music on my mac?

    I've updated to the most recent version of iTunes and I can no longer see any of my old music on my mac.  All the music is still available on my ipad.  How can i download the music on my mac?

    First, are you positive it is really not there?  Have you looked in your iTunes folder in your Music folder, and in the media folders there? Do you see your media files?
    If your media are gone it is a lot easier to restore from a proper computer backup.  Your i-device was not designed for unique storage of your media. It is not a backup device and media transfer was planned with you maintaining a master copy of your media on a computer which is itself properly backed up against loss. Syncing is one way, computer to device, updating the device content to the content on the computer, not updating or restoring content on a computer. The exception is iTunes Store purchases which can be transferred to a computer.
    iTunes Store: Transferring purchases from your iOS device or iPod to a computer - http://support.apple.com/kb/HT1848 - only purchases from iTunes Store
    For transferring other items from an i-device to a computer you will have to use third party commercial software.  See this document by turingtest2: Recovering your iTunes library from your iPod or iOS device - https://discussions.apple.com/docs/DOC-3991

  • I have 3 iTunes libraries on my one one computer and since I updated to the new version I can no longer see who's library I am in. It used to show at the top of iTunes the name of the library I was in.  Is there a way I can tell which library I am in?

    I have 3 iTunes libraries on my one one computer and since I updated to the new version I can no longer see who's library I am in. It used to show at the top of iTunes the name of the library I was in.  Is there a way I can tell which library I am in without closing and reopening?

    No. Frequently the apps take up more storage space on the iPod that the file download size.

  • The ipod cannot be updated. The disk could not be read from.

    The ipod cannot be updated. The disk could not be read from or written to.
    This message appears every time I try and update my ipod or put photos on. I also get this message:
    An error occured while updating the default player for audio file types. You do not have enough access privileges for this operation.
    WHAT DO I DO???????

    Perhaps check for corrupted files--I had this issue with a messed up track/ file, and that kept killing the sync. More here:
    Lost in Asia, "Disk Could Not Be Read From or Written To." #12, 03:32am Oct 15, 2005 CDT
    As for the access privileges part, well, sorry, I have absolutely no idea what that means.
    Good luck!

  • Excise Part 1 updation at the time of issue.

    Hi,
    I am having one requirement regarding RG23 A part 1 updation at the time of issue.
    1) How the register part 1 updated at the time of goods issue.
    2) I purchased one material from two different vendor. One is excise unit & other is non excise.
    At the time of goods issue to shop floor how the system determine that this issue is from excisable material or non excisable material.And accrdingly how will update part 1 entries.
    Every time i will go to J1I5 transaction for updation of RG23 A or it will update automatically.
    Regards,
    Dinesh

    Hi Sathish ,
    In CIN - basic settings - Maintain excise groups there in that outgoing excise invoice Excise invoice during the billing and Create and post inv in single make the both fields un mark.
    Hope this will make you to create invoice and excise invoice separately, or els find if any exit is used earlier.
    Check and revert
    Regards
    Ram

  • I connected my external hard drive to my new imac to put all of the information from my macbook onto it. i have been working on the macbook now and want to reconnect the external hard drive so my imac is updated with the work. How is that done?

    I connected my external hard drive to my new imac to put all of the information from my macbook onto it. I have been working on the macbook now and want to reconnect the external hard drive so my imac is updated with the work. How is that done? or is it possible?

    As I said, I don't use Time Machine, so it'd be best to wait for an "expert" answer, but, with my very limited knowledge, I'd say: probably not - so, for now, I'd suggest you read up on Time Machine:
    http://web.me.com/pondini/Time_Machine/Home.html
    http://support.apple.com/kb/index?page=search&src=support_site.home.search&local e=en_US&q=time%20machine
    And, you might be attracting more knowledgeable answers if you were to post this question in the Time Machine Forum (part of the Snow Leopard forums).

Maybe you are looking for

  • 0 bytes free space. ios 8.1.3. HELP

    PLEASE HELP NOW. My iphone6  says it has 0 bytes available problems arised since ios 8.1.3 update. I never had any problems 'till this update. I have deleted almost everything (how cool eh? thanks apple now ill have to see what is restorable and how,

  • My hp 1660 will print some websites but not others

    my new hp 1660 prints off of some websites but there are many that will not print.  What can I do to correct this and be able to print everythin I want to

  • Set the LED more than once

    Hi 1.   I am doing a program that has a flat sequence structure. It has a LED in the first frame and I want to set this LED again after that in another frame. How can I do that? 2.   the program also has some controls that I want to check continuousl

  • While loop does not execute

    I wish to write a text file that is tab separated for viewing in UNIX, however the tab character provided in Labview is read as a ^M in the UNIX file and in notepad. If you have any suggestions, they would be appreciate

  • What happened to the colorizing option in iMovie

    I use to be able to use a color dial and alter the color of the video clips? I cant find such an option in the new version. TIA!