Kerberos authentication fail on ASA 5505 -Decrypt integrity-

Antoniotorres1 · ‎09-25-2013

Hi,

I'm trying to configure Kerberos authentication on ipsec-l2tp vpn tunnel. However, when I use my domain user to establish a connection I get this error:

ASA-Oslo# kerberos mkreq: 0x176

kip_lookup_by_sessID: kip with id 374 not found

alloc_kip 0xd9b9bdf0

new request 0x176 --> 11 (0xd9b9bdf0)

add_req 0xd9b9bdf0 session 0x176 id 11

In kerberos_build_request

In kerberos_open_connection

In kerberos_send_request

********** START: KERBEROS PACKET DECODE ************

Kerberos: Message type KRB_AS_REQ

Kerberos: Option forwardable

Kerberos: Option renewable

Kerberos: Option renewable accepted

Kerberos: Client Name antonio.torres

Kerberos: Client Realm IBISTIC.LOCAL

Kerberos: Server Name krbtgt

Kerberos: Start time 0

Kerberos: End time -643858960

Kerberos: Renew until time -653409600

Kerberos: Nonce 0x5242a360

Kerberos: Encryption type rc4-hmac-md5

Kerberos: Encryption type des-cbc-md5

Kerberos: Encryption type des-cbc-crc

Kerberos: Encryption type des-cbc-md4

Kerberos: Encryption type des3-cbc-sha1

Kerberos: Address 10.40.49.1

********** END: KERBEROS PACKET DECODE ************

In kerberos_recv_msg

In kerberos_process_response

********** START: KERBEROS PACKET DECODE ************

Kerberos: Message type KRB_AS_REP

Kerberos: Client Name antonio.torres

Kerberos: Client Realm IBISTIC.LOCAL

********** END: KERBEROS PACKET DECODE ************

Kerberos library reports: "Decrypt integrity check failed"

In kerberos_close_connection

remove_req 0xd9b9bdf0 session 0x176 id 11

free_kip 0xd9b9bdf0

kerberos: work queue empty

I've been looking for documentation about this error but I was not able to figure out what's wrong. I've already also turned off 'Do not require pre-authentication' on account option.

Some one get also this error?

Any help will be more than welcome,

Thanks in advance,

Antonio