Hi all
I am trying to deploy a new eap chaining authentication for machine and user authentication with certificate.
Tunnel EAP_FAST and authentication EAP_TLS
I would like to perform 4 policies:
Machine and user has the certificate: It is working
Machine has the certificate and user not: It is ok.
Machine not have certificate and user has the cert. It is working too.
But when machine and user not have the certificate, anyconnect is trying EAP_PEAP.
My profile is not set to use EAP_PEAP.
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP - DEVICE.Wired
15048 Queried PIP - Radius.Service-Type
15048 Queried PIP - Radius.NAS-Port-Type
15004 Matched rule - wired_test
11507 Extracted EAP-Response/Identity
12100 Prepared EAP-Request proposing EAP-FAST with challenge
12625 Valid EAP-Key-Name attribute received
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12301 Extracted EAP-Response/NAK requesting to use PEAP instead
12303 Failed to negotiate EAP because PEAP not allowed in the Allowed Protocols
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
Do you have any idea about it ?
thanks.