We have Cisco ASA firewalls that we want to do automatic-enable when the user logs in with valid administrative credentials. We have this working with Cisco ISE, which we are decommissioning. The short version is that as part of the RADIUS response, the RADIUS server needs to return back the "Service-type = 6" as an INTEGER value.
In NPS, when I go to RADIUS Attributes > Vendor Specific > Click Add > Select Cisco as the Vendor and then Cisco-AV-Pair as the attribute, the Attribute format is String, which will not work.
If I select Custom instead of Cisco in the drop-down, then select Vendor-Specific, the attribute format is OctetString. I have seen in some debugs where the Octet value that is returned in a correctly formatted Service-Type=6 is (0x06). I am not sure if using this will work.
My first question is, is there a truly customizable VSA that I can configure where I can give it an attribute number and set the attribute format to Integer?
My second question is, has anyone tried using NPS with Cisco ASAs and got the auto-enable to work?
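
Added example, not part of the original post: in RFC 2865, Service-Type is standard RADIUS attribute number 6 carrying a 4-octet integer (value 6 is Administrative), whereas a Cisco-AV-Pair is a string wrapped inside Vendor-Specific attribute 26. The Python sketch below builds both encodings and decodes them, which helps when comparing a capture of the ISE reply against the NPS reply; the function names and the sample AV-pair string are constructed for illustration.

```python
import struct

CISCO_VENDOR_ID = 9      # IANA enterprise number for Cisco
SERVICE_TYPE = 6         # RFC 2865 standard attribute, 32-bit integer value
VENDOR_SPECIFIC = 26     # RFC 2865 container for vendor-specific attributes
ADMINISTRATIVE = 6       # Service-Type value "Administrative"

def encode_service_type(value):
    """Standard attribute: type(1) length(1) value(4, big-endian integer)."""
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)

def encode_cisco_avpair(text):
    """VSA: type 26, length, vendor-id(4), vendor-type 1, vendor-length, string."""
    data = text.encode("ascii")
    sub = struct.pack("!BB", 1, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID) + sub

def decode_attributes(blob):
    """Walk the attribute TLVs of a RADIUS packet body and describe each one."""
    out, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError(f"bad attribute length {alen} at offset {pos}")
        value = blob[pos + 2:pos + alen]
        if atype == SERVICE_TYPE:
            if len(value) != 4:
                raise ValueError("Service-Type must carry a 4-octet integer")
            out.append(("Service-Type", struct.unpack("!I", value)[0]))
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            vtype, vlen = value[4], value[5]
            text = value[6:4 + vlen].decode("ascii", "replace")
            out.append((f"VSA vendor={vendor} type={vtype}", text))
        else:
            out.append((f"attr {atype}", value.hex()))
        pos += alen
    return out

# Constructed sample: attribute section of a reply carrying both forms.
SAMPLE = encode_service_type(ADMINISTRATIVE) + encode_cisco_avpair("shell:priv-lvl=15")

if __name__ == "__main__":
    print(SAMPLE.hex())
    for name, value in decode_attributes(SAMPLE):
        print(name, "=", value)
```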