07-25-2012 11:15 PM - edited 03-11-2019 04:34 PM
Hi all,
I am running ASA ver. 8.2(2) and all users are configured in the ASA. This ASA is used as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all the parameters that are needed to continue working from outside, such as an IP address, assignment to a special group with special permissions, and so on. All the parameters that are needed are configured under the user attributes. See the example below:
username username1 password xxxxxx == nt-encrypted
username username1 attributes
vpn-group-policy Basic
vpn-access-hours none
vpn-simultaneous-logins 1
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter value DDD-Basic
vpn-tunnel-protocol IPSec
vpn-framed-ip-address 1.1.1.1 255.255.255.0
password-storage enable
group-lock value Basic
Is it possible to leave the user attributes as is and to force the users to authenticate via LDAP servers only?
07-26-2012 09:13 AM
Hi Bro
Yes, this can be done. Please refer to https://supportforums.cisco.com/thread/2045265
P/S: If you think this comment is useful, please do rate it nicely :-)
09-04-2012 11:39 PM
Hello Ramraj,
Thanks a lot for your reply, and sorry for the delay. I now have had a chance to verify the above issue again, and according to the debug I triggered in the ASA (225), it is getting the right user and recognizing it correctly. I had no errors. But I am still getting an error from the VPN client. The error I received is "Secure VPN connection terminated locally by the client. Reason 413: User authentication failed." I also tried to get an IP from AD without success. Any idea?
Thanks a lot,
Reuven
09-06-2012 01:08 AM
:-) By mistake I marked the wrong star, forgive me man
10-23-2012 10:49 PM
Hello Ramraj,
Sorry for the delay, but yesterday I had a chance to check again and to test what I configured according to the document that you sent me a while ago (:-)). I triggered the debug on the ASA 5520 and everything looks fine. The LDAP server is sending the right information without any error message. In the VPN client, when I try to log in, I receive the following error message:
"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed". I Googled this error message and found that I need to enable simultaneous logins. I enabled it but I got the same error message. This configuration is under remote access vpn>group-policies>General>more options.
Any idea what could be the reason?
Thanks a lot,
Reuven