Authentication Policy Cisco ASA to Palo Migration

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authentication Policy Cisco ASA to Palo Migration

L1 Bithead

Hi All, 


I'm just looking for some help in migrating an authentication policy for my customer. I have tried to do this in expedition but I'm not sure it works. The Cisco ASA config I am trying to migrate is decribed below:


aaa-server RadiusProfile protocol radius
aaa-server RadiusProfile (Inside) host
key MySecret

aaa authentication match AuthPolicy Inside RadiusProfile


access-list AuthPolicy line 1 extended permit ip any4


I have tried creating an Authentication Profile on the Palo with a subsequent Authentication Enforcement Object. That is directly referenced in the Authentication policy which follows the asa access-list (permit zone Inside source address to any destination) but I do not believe it is working. 


When I attempt to test it, the authentication policy has no hits on it. 


Looking for some help please if any of you have knowlege of this area. 


Best Regards


L6 Presenter

Hi @yaz3636 


Please  refer below article on how to configure authentication policy in Palo Alto Networks

Hi @lychiang 


Yes I have followed these steps in the link you sent. 

Server Profile >

Auth Profile > (referencing Server Profile)

Authentication Object > (Referencing Auth Profile)

Authentication Policy > (referencing the Auth Object) 


I am still unable to get a hit on the authentication, I have used service any as a catch all, tested with SSH and Pings and still unable to get a hit. 



As I know this works on web traffic only . You might want to test with web traffic , if there is any questions , please open a TAC case. 

  • 3 replies
  • 76 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!