
ASA remote vpn + windows 2008 AD + radius

qin123feng
Level 1
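Hi all,
I am setting up ASA remote VPN + Windows 2008 AD + RADIUS account authentication, but I cannot connect with the Cisco VPN client and I do not know why. Could you please take a look? Thank you.
Below are the test results on the ASA5520: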
sutor-5520# show aaa-server
Server Group: LOCAL
Server Protocol: Local database
Server Address: None
Server port: None
Server status: ACTIVE, Last transaction at 05:41:32 GMT Thu Jul 16 2015
Number of pending requests 0
Average round trip time 0ms
Number of authentication requests 24
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 7
Number of rejects 17
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 0
Number of timeouts 0
Number of unrecognized responses 0
Server Group: AD2
Server Protocol: radius
Server Address: 172.19.0.123
Server port: 1645(authentication), 1646(accounting)
Server status: ACTIVE, Last transaction at 14:40:55 GMT Thu Jul 16 2015
Number of pending requests 0
Average round trip time 6ms
Number of authentication requests 126
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 11
Number of rejects 90
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 2
Number of timeouts 25
Number of unrecognized responses 0

sutor-5520#
sutor-5520# show run tunnel-group
tunnel-group DefaultRAGroup general-attributes
authentication-server-group AD2
tunnel-group sutorvpn type remote-access
tunnel-group sutorvpn general-attributes
address-pool PApool
default-group-policy sutorvpn
tunnel-group sutorvpn ipsec-attributes
pre-shared-key *
tunnel-group sutorman type remote-access
tunnel-group sutorman general-attributes
address-pool SMpool
default-group-policy sutorman
tunnel-group sutorman ipsec-attributes
pre-shared-key *
sutor-5520# test aaa-server authentication AD2 host 172.19.0.123
Username: max
Password: ******
INFO: Attempting Authentication test to IP address <172.19.0.123> (timeout: 12 seconds)
INFO: Authentication Successful
On the ASA, the AD account authentication also passes, but the VPN client still cannot connect, and I do not know why.
1 Accepted Solution

Accepted Solutions

yanzha4
Spotlight
tunnel-group DefaultRAGroup general-attributes
authentication-server-group AD2
This authentication server should be configured under tunnel-group DefaultWEBVPNGroup general-attributes, shouldn't it?


3 Replies

yanzha4
Spotlight
It may be a VPN configuration problem; opening a case is the fastest way to resolve it.

liyzhao
Cisco Employee
Test with a local user first to see whether you can connect, to rule out a VPN configuration problem first.
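
Added example, not part of the original thread: a Python check over the `show run tunnel-group` output from the question that reports, for each tunnel group, whether an `authentication-server-group` line is present. A tunnel group with no such line uses the ASA default, LOCAL; the function names are hypothetical.

```python
import re

# `show run tunnel-group` output copied from the question in this thread.
SHOW_RUN_TUNNEL_GROUP = """\
tunnel-group DefaultRAGroup general-attributes
authentication-server-group AD2
tunnel-group sutorvpn type remote-access
tunnel-group sutorvpn general-attributes
address-pool PApool
default-group-policy sutorvpn
tunnel-group sutorvpn ipsec-attributes
pre-shared-key *
tunnel-group sutorman type remote-access
tunnel-group sutorman general-attributes
address-pool SMpool
default-group-policy sutorman
tunnel-group sutorman ipsec-attributes
pre-shared-key *
"""

# Matches "tunnel-group NAME type TYPE" and "tunnel-group NAME xxx-attributes".
HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+(?:type\s+(\S+)|(\S+-attributes))$")

def audit_tunnel_groups(config):
    """Return {name: {"type": ..., "auth_server_group": ...}} for every tunnel-group."""
    groups, section = {}, None          # section = (name, attribute block) being read
    for raw in config.splitlines():
        line = raw.strip()              # indentation may be lost in pasted output
        m = HEADER.match(line)
        if m:
            name, gtype, attrs = m.groups()
            entry = groups.setdefault(name, {"type": None, "auth_server_group": None})
            if gtype:
                entry["type"] = gtype
            section = (name, attrs) if attrs else None
        elif (section and section[1] == "general-attributes"
              and line.startswith("authentication-server-group ")):
            # Skip an optional "(interface)" token; the first server group is the primary.
            servers = [t for t in line.split()[1:] if not t.startswith("(")]
            groups[section[0]]["auth_server_group"] = servers[0] if servers else None
    return groups

def groups_without_auth_server(config):
    """Names of tunnel-groups with no authentication-server-group line."""
    return sorted(n for n, g in audit_tunnel_groups(config).items()
                  if g["auth_server_group"] is None)

if __name__ == "__main__":
    for name, g in audit_tunnel_groups(SHOW_RUN_TUNNEL_GROUP).items():
        print(f"{name:15} type={g['type']} auth={g['auth_server_group'] or 'none configured'}")
```

On the posted configuration only DefaultRAGroup references AD2; sutorvpn and sutorman have no authentication-server-group line.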