Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1034
Views
0
Helpful
2
Replies

MS IAS

ctasher
Level 1
Level 1

‎05-24-2004 09:33 AM - edited ‎03-10-2019 07:49 AM

Hello all, I have browsed through the postings on this issue and cannot succeed..any advise of the following:

VPNCLIENT is my group name

147.66.17.160 is my global address

0.0.0.0 -should the NAS be this -this is local so maybe??

10.7.125.1 -this is the 1701 inside ip address

NAS config is simple...I define the aaa commands and the radius ip and key.

both the NAS and the IAS are not registered on the dns so I am using the ip address. There is connectivity between these devices (PIX acls allow connectivity)

vpn users can get in using the local NAS database.

any help????

much appreciated...chris

config as follows: ADSL(1701)---PIX---MS IAS

vpn clients terminated on 1701. The MS IAS reports that username/passwords invalid. I have followed the example on the cisco website but no joy.

The password on the MS IAS and on the NAS are exactly the same.

The error on the system log on the IAS is as follows:

User VPNCLIENT was denied access.

Fully-Qualified-User-Name = PM1-EAS\VPNCLIENT

NAS-IP-Address = 0.0.0.0

NAS-Identifier = <not present>

Called-Station-Identifier = <not present>

Calling-Station-Identifier = 147.66.17.160

Client-Friendly-Name = tst

Client-IP-Address = 10.7.125.1

NAS-Port-Type = Virtual

NAS-Port = 500

Policy-Name = <undetermined>

Authentication-Type = PAP

EAP-Type = <undetermined>

Reason-Code = 16

Reason = There was an authentication failure because of an unknown user name or a bad password.

Labels:
0 Helpful
2 Replies 2

nikhil_m
Level 1
Level 1

‎05-31-2004 10:55 AM

Any update on this ?

0 Helpful

tcross3
Level 1
Level 1

‎06-02-2004 12:45 PM

The problem is with the radius server. When you created the accounts on the ias server the are local accounts and in windows 2000/3 you have to permit them using the remote access policy. This should work if you change the remote access policy to permit. and store the password on the windows 2000/3 server in reversible encryption. That is important if not it won't work.

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents