I'm just looking for some help in migrating an authentication policy for my customer. I have tried to do this in expedition but I'm not sure it works. The Cisco ASA config I am trying to migrate is decribed below:
aaa-server RadiusProfile protocol radius
aaa-server RadiusProfile (Inside) host 192.168.1.1
aaa authentication match AuthPolicy Inside RadiusProfile
access-list AuthPolicy line 1 extended permit ip 172.16.0.0 255.255.0.0 any4
I have tried creating an Authentication Profile on the Palo with a subsequent Authentication Enforcement Object. That is directly referenced in the Authentication policy which follows the asa access-list (permit zone Inside source address 172.16.0.0/16 to any destination) but I do not believe it is working.
When I attempt to test it, the authentication policy has no hits on it.
Looking for some help please if any of you have knowlege of this area.
Please refer below article on how to configure authentication policy in Palo Alto Networks
Yes I have followed these steps in the link you sent.
Server Profile >
Auth Profile > (referencing Server Profile)
Authentication Object > (Referencing Auth Profile)
Authentication Policy > (referencing the Auth Object)
I am still unable to get a hit on the authentication, I have used service any as a catch all, tested with SSH and Pings and still unable to get a hit.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!