Use Cisco ASDM For VPN Changes
1. Create new AAA Server Group
   1. Choose the Configuration tab
   2. Select Device Management
   3. Select AAA Server Group under the Users/AAA Device Management objects
2. Click the Add button on the right-hand panel and fill out the Add AAA Server Group dialog.
3. Name the Server Group and set the Protocol to RADIUS.
On the PortalGuard Server:
1. Open Bootstrap Configuration and navigate to the Services->RADIUS tab.
2. Create a new Client Configuration by clicking the Create button.
3. Name the client configuration, set the IP Address to the Internal IP of the Cisco ASA (Adaptive Security Appliance) and set the Shared Secret. The Shared Secret value will also be recorded in the AAA Server on the VPN side in the server secret key.
4. Accept the defaults on the RADIUS tab and click Save.
5. Open the PortalGuard Security Policy and navigate to the Actions->VPN tab and choose the desired authentication method. For two-factor, also check the Accepted OTP Methods and set the Default OTP Method.
6. Apply the Bootstrap and Security Policy changes with the Apply to PortalGuard Server button.
7. Add an AAA Server to the AAA Server Group:
   1. Select the PortalGuard AAA Server Group
   2. Click the Add button
   3. Fill in the Server Name or IP Address and enter the Shared Secret Key that was also entered in the Client Configuration on the PG side and click OK.
At the VPN Client:
1. Create a new entry if one doesn’t already exist and point it to the new AAA Server.
On the PortalGuard Server:
1. Open ports 1812 and 1813 on the PortalGuard server firewall
   1. Click the System and Security link from the Control Panel
   2. Choose the Windows Firewall link from the System and Security page.
   3. Click Advanced Settings
   4. Choose Inbound Rules and then New Rule…
   5. Name the rule RADIUS and enter a description.
   6. Navigate to the Protocols and Ports tab
      1. Set Protocol type to UDP
      2. Set Local port to Specific Ports 1812 and 1813
      3. Save the changes.
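
The firewall steps above can also be scripted. The following PowerShell is an added example, not part of the original PortalGuard instructions: it creates the same inbound UDP 1812/1813 rule and additionally limits the source to the Cisco ASA, a restriction the GUI steps do not include. The address 192.0.2.10 is a placeholder for the ASA's internal IP, and the description text is constructed for this example.

```powershell
# Added example: scripted equivalent of the Windows Firewall steps above.
# Run in an elevated PowerShell session on the PortalGuard server.
param(
    # Placeholder (documentation range): replace with the ASA's internal IP.
    [string]$AsaInternalIp = '192.0.2.10',
    [string]$RuleName      = 'RADIUS'
)

$ports = @('1812', '1813')   # RADIUS authentication and accounting

# Create the rule only if no rule with this display name exists yet.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Inbound RADIUS from the Cisco ASA (auth 1812, accounting 1813)' `
        -Direction Inbound -Action Allow -Protocol UDP `
        -LocalPort $ports -RemoteAddress $AsaInternalIp
}

# Read the rule back and confirm protocol, ports and source scope.
$portFilter = $rule | Get-NetFirewallPortFilter
$addrFilter = $rule | Get-NetFirewallAddressFilter

$problems = @()
if ($portFilter.Protocol -ne 'UDP') {
    $problems += "protocol is $($portFilter.Protocol), expected UDP"
}
foreach ($p in $ports) {
    if (@($portFilter.LocalPort) -notcontains $p) {
        $problems += "local port $p is not covered by the rule"
    }
}
if (@($addrFilter.RemoteAddress) -notcontains $AsaInternalIp) {
    $problems += "source is '$($addrFilter.RemoteAddress)', not limited to $AsaInternalIp"
}
if ($problems) {
    throw "Rule '$RuleName' does not match the intended configuration: $($problems -join '; ')"
}

# Report whether anything is bound to the RADIUS ports on this server.
foreach ($p in $ports) {
    $bound = Get-NetUDPEndpoint -LocalPort $p -ErrorAction SilentlyContinue
    $state = if ($bound) { 'listening' } else { 'no listener' }
    "UDP ${p}: $state"
}
```

If a rule named RADIUS already exists with a wider scope (for example, any remote address), the script reports the mismatch and stops without changing the rule.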