
VPN3000 Radius authentication suddenly starts failing

silk
Level 1

Hello,

I have a couple of VPN 3000s configured to perform RADIUS authentication on a CS ACS server.

The authentication usually works fine, then suddenly starts to fail with these messages:

208 02/01/2005 17:12:09.010 SEV=4 AUTH/15 RPT=34

Server name = 10.9.34.28, type = RADIUS,

group = none (global server), status = Not-in-service

210 02/01/2005 17:12:13.960 SEV=4 AUTH/15 RPT=35

Server name = 10.9.34.29, type = RADIUS,

group = none (global server), status = Not-in-service

After some time the authentication starts working again as the server is, in the VPN 3000's mind, back in service.

I have no other errors but these.

The 2 concentrators are on the same LAN and when one starts failing, the other may work fine with the ACS and/or vice versa.

The ACS servers are of course in service and in good health.

Do you have any clues?

Thanks in advance.
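
One way to tally the "Not-in-service" events per RADIUS server from a saved concentrator log, given as an added example that is not part of the original post. The function names are hypothetical, the sample input is constructed from the two events quoted above, and the date order is assumed to be month/day/year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the two events quoted in the post, in the layout shown there.
SAMPLE_LOG = """\
208 02/01/2005 17:12:09.010 SEV=4 AUTH/15 RPT=34
Server name = 10.9.34.28, type = RADIUS,
group = none (global server), status = Not-in-service
210 02/01/2005 17:12:13.960 SEV=4 AUTH/15 RPT=35
Server name = 10.9.34.29, type = RADIUS,
group = none (global server), status = Not-in-service
"""

HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"SEV=(?P<sev>\d+) (?P<event>\S+) RPT=(?P<rpt>\d+)\s*$"
)
FIELD = re.compile(r"(server name|type|group|status)\s*=\s*([^,\n]+)", re.I)

def parse_events(text):
    """Yield one dict per event: header fields plus the key = value pairs after it."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            if current:
                yield current
            current = m.groupdict()
            # Assumption: month/day/year. The sample date (02/01/2005) is ambiguous.
            current["ts"] = datetime.strptime(current["ts"], "%m/%d/%Y %H:%M:%S.%f")
        elif current is not None:
            # Continuation line (or blank line): collect any key = value pairs on it.
            for key, value in FIELD.findall(line):
                current[key.lower()] = value.strip()
    if current:
        yield current

def out_of_service(text):
    """Map each server to the timestamps at which it was reported Not-in-service."""
    hits = defaultdict(list)
    for ev in parse_events(text):
        if ev["event"] == "AUTH/15" and ev.get("status") == "Not-in-service":
            hits[ev["server name"]].append(ev["ts"])
    return dict(hits)

if __name__ == "__main__":
    for server, stamps in out_of_service(SAMPLE_LOG).items():
        print(server, len(stamps), stamps[0].isoformat(), stamps[-1].isoformat())
```

Run over the saved logs of both concentrators, the per-server timestamps can be lined up against the ACS logs for the same period.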

3 Replies

thomas.chen
Level 6

Is there any indication in the authentication server logs as to whether or not it got the requests?

mjolin1963
Level 1

We had a similar issue... also 2 VPN 3000s authenticating against a Cisco ACS server.

We could ping the ACS server from either concentrator, but a test login from the concentrator to the ACS would fail. Since we're about to replace our ACS server, we worked around the problem by switching the authentication type on the user accounts on the ACS from NDS to NT/Win2k authentication rather than do more extensive troubleshooting. Users are also able to reliably authenticate using NTdomainname/username instead of just their NDS username.

Our issue was largely contained to one specific user group, although others were intermittently having the issue as well.

The ACS showed failure attempts that were essentially password failures.

We've got 2 VPN 3015 concentrators running 4.0.1 software.

The problem was solved by configuring authentication servers in groups instead of using the global servers.

Weird, since I read that people have exactly the opposite problem...