05-12-2010 06:04 AM - edited 03-10-2019 05:07 PM
I have a VPN 3005 configured to authenticate against a Cisco Secure ACS 4 server and all users are connecting successfully via this method. I have installed an ACS 5.0 server and configured the relevant policies, defined the ACS server on the VPN 3005 and tested authentication (test is successful). When I try to connect in via VPN the connection fails, and in the logs on the VPN concentrator the new ACS server is going out of service - Server name = y.y.y.y, type = RADIUS, group = x, status = Not-in-service. It is associated with the correct group and the test authentication works. Are there compatibility issues between the VPN 3005 and ACS 5.0? The VPN 3005 is running 4.7.2.P and the ACS is 5.0.0.21. Any ideas?
05-13-2010 02:53 PM
Upgrade to ACS 5.1 resolved this issue......
05-13-2010 07:14 PM
Damian,
Just wanted to give you some more information. This is actually a known issue with ACS 5.0 and an upgrade to 5.1 was the only solution.
Access policy rule was not matching. Also, could not use RADIUS as hitting CSCsy17858.
Used TACACS+ instead of RADIUS.
Here are the bug details: CSCsy17858
<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>
Incorrect handling of Tunnel-Type & Tunnel-Client-Endpoint attrs
HTH
JK