09-17-2020 03:22 AM
Hi All,
I'm just looking for some help in migrating an authentication policy for my customer. I have tried to do this in Expedition but I'm not sure it works. The Cisco ASA config I am trying to migrate is described below:
/
aaa-server RadiusProfile protocol radius
aaa-server RadiusProfile (Inside) host 192.168.1.1
key MySecret
aaa authentication match AuthPolicy Inside RadiusProfile
/
access-list AuthPolicy line 1 extended permit ip 172.16.0.0 255.255.0.0 any4
I have tried creating an Authentication Profile on the Palo with a subsequent Authentication Enforcement Object. That is directly referenced in the Authentication policy, which follows the ASA access-list (permit zone Inside source address 172.16.0.0/16 to any destination), but I do not believe it is working.
When I attempt to test it, the authentication policy has no hits on it.
Looking for some help please if any of you have knowledge of this area.
Best Regards
09-17-2020 07:56 AM
Hi @yaz3636
Please refer to the article below on how to configure an authentication policy in Palo Alto Networks.
09-17-2020 08:01 AM
Hi @lychiang
Yes I have followed these steps in the link you sent.
Server Profile >
Auth Profile > (referencing Server Profile)
Authentication Object > (Referencing Auth Profile)
Authentication Policy > (referencing the Auth Object)
I am still unable to get a hit on the authentication. I have used service any as a catch-all and tested with SSH and pings, and I am still unable to get a hit.
Regards
09-17-2020 08:03 AM
As far as I know, this works on web traffic only. You might want to test with web traffic. If there are any questions, please open a TAC case.
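Added example, not part of any post in this thread and not Cisco or Palo Alto Networks code: a small Python parser that resolves the ASA `aaa authentication match` line from the question against its access-list and server group, so the match criteria a migrated rule has to carry (zone, source prefix, destination, RADIUS server) can be checked side by side. The output field names are hypothetical and are not PAN-OS syntax; the parser assumes ACL entries of the `network mask destination` form shown in the question.

```python
import ipaddress
import re

# The ASA lines quoted in the question (the shared-secret line is left out on purpose).
ASA_CONFIG = """\
aaa-server RadiusProfile protocol radius
aaa-server RadiusProfile (Inside) host 192.168.1.1
aaa authentication match AuthPolicy Inside RadiusProfile
access-list AuthPolicy line 1 extended permit ip 172.16.0.0 255.255.0.0 any4
"""

def parse_asa_auth(config):
    """Return one rule dict per ACL entry referenced by 'aaa authentication match'."""
    protocols, servers, acls, matches = {}, {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["aaa-server"] and tok[2:3] == ["protocol"]:
            protocols[tok[1]] = tok[3]
        elif tok[:1] == ["aaa-server"] and "host" in tok:
            servers.setdefault(tok[1], []).append(tok[tok.index("host") + 1])
        elif tok[:3] == ["aaa", "authentication", "match"]:
            matches.append((tok[3], tok[4], tok[5]))  # ACL name, interface, server group
        elif tok[:1] == ["access-list"]:
            m = re.search(r"extended (permit|deny) (\S+) (\S+) (\S+) (\S+)", line)
            if m:
                acls.setdefault(tok[1], []).append(m.groups())
    rules = []
    for acl, iface, group in matches:
        for action, _proto, net, mask, dst in acls.get(acl, []):
            # ip_network accepts the dotted netmask and normalises it to a prefix length
            src = ipaddress.ip_network(f"{net}/{mask}")
            rules.append({
                "source_zone": iface,             # hypothetical field names throughout
                "source": str(src),
                "destination": "any" if dst.startswith("any") else dst,
                "authenticate": action == "permit",
                "server_protocol": protocols.get(group),
                "servers": servers.get(group, []),
            })
    return rules

if __name__ == "__main__":
    for rule in parse_asa_auth(ASA_CONFIG):
        print(rule)
```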