cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

161
Views
0
Helpful
1
Replies
Highlighted
Beginner

VPN Concentrator win 2003 kerberos authentication

We have a VPN concetrator that we use the Active Directory/Kerberos authentication with to authenticate users. It worked fine on our WIndows 2000 domain controller, but now that we are using Windows 2003, it will not allow any users to authenticate.

I am sure that I have it setup correctly on the concentrator side because I can change the authentication server IP address back to one of the WIndows 2000 domain controllers and it immediately starts working again. When I go back to the Windows 2003 DC, then it fails. I have used the test button and have tried to use the vpn client.

Does anyone know if there is a change between kerberos on Windows 2000 and WIndows 2003? Is there something I would need to change on the new WIndows 2003 server to make it work. I guess my other option is to setup IAS on the server and do RADIUS, but it seems like this should be able to work. Any ideas would be greatly appreciated!

Thanks,

Josh

1 REPLY 1
Beginner

Re: VPN Concentrator win 2003 kerberos authentication

Hi,

I have got Authentication to 2003 AD working here today. I'm using a VPNC3020 with vpn3000-4.7.Rel-k9 software.

Check the IP/domain name is correct and/or resolves.

Check you are using port 88 and that your DC is not firewalled or has this port blocked.

Has your kerberos realm changed? check you have entered the correct kerberos realm.

good luck,

Neal.