This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Authentication Policy Cisco ASA to Palo Migration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Authentication Policy Cisco ASA to Palo Migration

yaz3636
L1 Bithead

‎09-17-2020 03:22 AM

Hi All, 

 

I'm just looking for some help in migrating an authentication policy for my customer. I have tried to do this in expedition but I'm not sure it works. The Cisco ASA config I am trying to migrate is decribed below:

/

aaa-server RadiusProfile protocol radius
aaa-server RadiusProfile (Inside) host 192.168.1.1
key MySecret

aaa authentication match AuthPolicy Inside RadiusProfile

/

access-list AuthPolicy line 1 extended permit ip 172.16.0.0 255.255.0.0 any4

 

I have tried creating an Authentication Profile on the Palo with a subsequent Authentication Enforcement Object. That is directly referenced in the Authentication policy which follows the asa access-list (permit zone Inside source address 172.16.0.0/16 to any destination) but I do not believe it is working. 

 

When I attempt to test it, the authentication policy has no hits on it. 

 

Looking for some help please if any of you have knowlege of this area. 

 

Best Regards

0 Likes Likes
3 REPLIES 3

lychiang
L6 Presenter

‎09-17-2020 07:56 AM

Hi @yaz3636 

 

Please  refer below article on how to configure authentication policy in Palo Alto Networks 

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/policies/policies-authenticat...

0 Likes Likes

yaz3636
L1 Bithead
In response to lychiang

‎09-17-2020 08:01 AM

Hi @lychiang 

 

Yes I have followed these steps in the link you sent. 

Server Profile >

Auth Profile > (referencing Server Profile)

Authentication Object > (Referencing Auth Profile)

Authentication Policy > (referencing the Auth Object) 

 

I am still unable to get a hit on the authentication, I have used service any as a catch all, tested with SSH and Pings and still unable to get a hit. 

 

Regards

0 Likes Likes

lychiang
L6 Presenter
In response to yaz3636

‎09-17-2020 08:03 AM

As I know this works on web traffic only . You might want to test with web traffic , if there is any questions , please open a TAC case. 

0 Likes Likes
  • 2915 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks