03-20-2012 07:08 AM - edited 03-10-2019 06:55 PM
I am rather new to administrating the ASA. I am currently on 8.2.5 but I will be moving to 8.4.3 within the next week or so. In the meantime I would like to get my VPN system up and going. Currently I am able to VPN in to my system using a local server group, but I would like to simplify things by getting my ASA to accept AD credentials. I found a bunch of articles referencing how to do this. I first attempted to use this article but the test option yields a failure stating "The authentication Server not responding: AAA Server has been removed." I then began to do more research finding things like having to add the Network Policy and Access Services to my domain controllers which I vaguely remember using at my last job prior to getting our TACACS+ server.
Here are my questions:
Thanks in advance. I did some searching on the forums and there were some mildly related items to what I am asking but I couldn't find anything very recent. If someone's search-fu is better than mine, linking me to a relevant already asked question would be helpful as well.
03-20-2012 07:35 AM
Update 1: The login dn notation in the linked article is wrong. Format should be domain\username or username@domain. Once I corrected this issue, the test began working.
I have now created the IPSec Connection Profile, Group Policy, and Dynamic Access Policy. I have set up my PCF file on my client to connect to the new group I created, however I seem to be getting the following errors:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory:
1 11:06:52.855 03/20/12 Sev=Warning/3 IKE/0xE3000057
The received HASH payload cannot be verified
2 11:06:52.856 03/20/12 Sev=Warning/2 IKE/0xE300007E
Hash verification failed... may be configured with invalid group password.
3 11:06:52.856 03/20/12 Sev=Warning/2 IKE/0xE300009B
Failed to authenticate peer (Navigator:915)
4 11:06:52.856 03/20/12 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2263)
03-20-2012 11:45 AM
Fixed this issue. My Group Profile was spelled incorrectly. I renamed it in the ASA with the correct spelling and everything is now fine.
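A log triage sketch for the failure discussed in this thread, added here as an example and not part of any post: it parses the VPN Client's two-line log entries and flags the hash-verification sequence shown above. The sample log is constructed from the entries quoted in the thread; the function names and the wording of the hint are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the four entries quoted in the thread, two lines per entry.
SAMPLE_LOG = """\
1 11:06:52.855 03/20/12 Sev=Warning/3 IKE/0xE3000057
The received HASH payload cannot be verified
2 11:06:52.856 03/20/12 Sev=Warning/2 IKE/0xE300007E
Hash verification failed... may be configured with invalid group password.
3 11:06:52.856 03/20/12 Sev=Warning/2 IKE/0xE300009B
Failed to authenticate peer (Navigator:915)
4 11:06:52.856 03/20/12 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2263)
"""

HEADER = re.compile(
    r"^(?P<seq>\d+)\s+\d\d:\d\d:\d\d\.\d+\s+\d\d/\d\d/\d\d\s+"
    r"Sev=(?P<sev>\w+)/\d+\s+(?P<module>\w+)/(?P<code>0x[0-9A-Fa-f]+)$"
)

@dataclass
class Entry:
    seq: int
    severity: str
    module: str
    code: int
    message: str

def parse_log(text):
    """Pair each header line with the message line(s) that follow it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            entries.append(Entry(int(m["seq"]), m["sev"], m["module"], int(m["code"], 16), ""))
        elif entries and line:  # banner lines before the first entry are skipped
            entries[-1].message = (entries[-1].message + " " + line).strip()
    return entries

# Message codes as they appear in the thread's log.
GROUP_AUTH_CODES = {0xE3000057, 0xE300007E, 0xE300009B}

def triage(entries):
    """Flag the sequence from the thread; there the cause was a misspelled profile name."""
    seen = {e.code for e in entries if e.module == "IKE"}
    if GROUP_AUTH_CODES <= seen:
        return "group-auth-failure: check the group name in the PCF against the ASA, then the group password"
    return "no-known-pattern"
```

The client's own message points at the group password, while the resolution posted above was a spelling mismatch in the profile name, so the hint lists the name first.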