10-01-2012 02:50 PM - edited 02-21-2020 06:22 PM
Hello, I'm having a problem completing an IPSec (IKEv1) connection to be used with Chromebooks. I have gone through the config and believe it's correct, but with an attempted connection I get: AAA user authentication Rejected : reason = Invalid password : local database : user = xxxxx
I am trying to use a local user account for current testing, and have confirmed and reconfirmed that the password is correct. Any idea why the authentication isn't being passed?
10-01-2012 04:16 PM
Hi,
So you are connecting with the Cisco IPsec client?
Have you tried with another account?
Please attach "debug aaa common 255"
Thanks.
Portu.
Please rate any helpful posts
10-01-2012 05:30 PM
I'm trying to use both the VPN config on a Mac and the VPN config on a Chromebook. The instructions to set up for Chromebook I found here
(http://support.google.com/chromeos/bin/answer.py?hl=en&answer=2382577)
Log attached.
10-01-2012 06:21 PM
Please attach the AAA output.
Thanks.
10-01-2012 06:35 PM
I'm sorry, I'm pretty new to this device. Is there a specific command you are asking me to run to get the AAA output?
10-02-2012 07:09 AM
I figured it out... Here is the output and it's attached.
debug aaa common enabled at level 255
lcociscoasa# AAA API: In aaa_open
AAA session opened: handle = 120
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(a7b57c78) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(DefaultRAGroup)
Got server ID 0 for group policy DB
Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
------------------------------------------------
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: DefaultRAGroup
Resp:
grp_policy_ioctl(9ef75e0, 114698, a7b57200)
grp_policy_ioctl: Looking up DefaultRAGroup
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 120, pAcb = ab912150
AAA task: aaa_process_msg(a7b57c78) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
------------------
Tunnel Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
AAA FSM: In AAA_Callback
user attributes:
1 User-Name(1) 14 "DefaultRAGroup"
2 User-Password(2) 0 0xAB7DF77B ** Unresolved Attribute **
user policy attributes:
None
tunnel policy attributes:
1 Primary-DNS(4101) 4 IP: 10.30.16.120
2 Secondary-DNS(4102) 4 IP: 10.30.16.121
3 Tunnelling-Protocol(4107) 4 12
4 Group-Policy(4121) 14 "DefaultRAGroup"
5 Split-Tunnel-Inclusion-List(4123) 8 "DefaultRAGroup_splitTunnelAcl"
6 Default-Domain-Name(4124) 14 "ad.seagate.com"
7 Split-Tunneling-Policy(4151) 4 1
AAA API: In aaa_close
AAA task: aaa_process_msg(a7b57c78) received message type 3
In aaai_close_session (120)
AAA API: In aaa_open
AAA session opened: handle = 121
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(a7b57c78) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
Initiating authentication to primary server (Svr Grp: LOCAL)
------------------------------------------------
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: vpnuser
Resp:
In localauth_ioctl
Local authentication of user vpnuser
callback_aaa_task: status = -1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 121, pAcb = ab912150
aaa_backend_callback: Error:
AAA task: aaa_process_msg(a7b57c78) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
------------------
Authentication Status: -1 (REJECT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = REJECT
AAA_NextFunction: authen svr = LOCAL, author svr =
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
AAA FSM: In AAA_Callback
user attributes:
1 MS-CHAP-Error(8194) 14 "[01]E=691 R=0 V=3"
user policy attributes:
None
tunnel policy attributes:
None
Auth Status = REJECT
AAA API: In aaa_close
AAA task: aaa_process_msg(a7b57c78) received message type 3
In aaai_close_session (121)
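Added example (not part of the thread and not Cisco tooling): a small Python parser that pulls the rejected transaction out of `debug aaa common` output like the above and decodes the MS-CHAP-Error string with the failure codes from RFC 2759. The sample lines are copied from the log in this post; the function names are hypothetical, and reading `[01]` as the attribute's ident octet is an assumption.

```python
import re

# MS-CHAPv2 Failure packet error codes, RFC 2759 section 6.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS", 647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED", 649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE", 709: "ERROR_CHANGING_PASSWORD",
}

# Constructed sample: lines copied from the rejected transaction in the log above.
SAMPLE = '''\
Initiating authentication to primary server (Svr Grp: LOCAL)
User: vpnuser
Local authentication of user vpnuser
Authentication Status: -1 (REJECT)
1 MS-CHAP-Error(8194) 14 "[01]E=691 R=0 V=3"
Auth Status = REJECT
'''

def parse_mschap_error(value):
    """Decode an MS-CHAP-Error value such as '[01]E=691 R=0 V=3'."""
    # Assumption: the bracketed prefix is the ident octet printed in hex.
    ident, body = re.match(r"(?:\[([0-9A-Fa-f]{2})\])?(.*)", value).groups()
    fields = dict(re.findall(r"\b([ERCV])=(\S+)", body))
    code = int(fields["E"])
    return {
        "ident": ident,
        "code": code,
        "error": MSCHAP_ERRORS.get(code, "unknown"),
        "retry_allowed": fields.get("R") == "1",
        "version": int(fields["V"]) if "V" in fields else None,
    }

def summarize(log):
    """Collect user, server group, status and decoded MS-CHAP error."""
    out = {"user": None, "server_group": None, "status": None, "mschap": None}
    for line in log.splitlines():
        if m := re.search(r"\(Svr Grp: (\w+)\)", line):
            out["server_group"] = m.group(1)
        elif m := re.match(r"\s*User: (\S+)", line):
            out["user"] = m.group(1)
        elif m := re.search(r"Authentication Status: -?\d+ \((\w+)\)", line):
            out["status"] = m.group(1)
        elif m := re.search(r'MS-CHAP-Error\(\d+\)\s+\d+\s+"([^"]*)"', line):
            out["mschap"] = parse_mschap_error(m.group(1))
    return out

print(summarize(SAMPLE))
```

For this log, E=691 decodes to an authentication failure with retry disabled, and V=3 is the version value RFC 2759 specifies for MS-CHAP-V2.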
10-02-2012 08:11 AM
Hi Tony,
So are you connecting as an L2TP/IPsec client?
Thanks.
10-02-2012 08:47 AM
Yes. Or at least that's what I'm trying to do.
10-02-2012 09:16 AM
I am just curious, have you tried with a Windows machine running the L2TP/IPsec client?
Thanks.
10-02-2012 09:47 AM
Yes, and it doesn't connect.
10-02-2012 09:51 AM
Tony,
In case you are using MS-CHAPv2, then the user account should be like:
username cisco password cisco123 mschap
Let me know.
Thanks.
Please rate any helpful posts.
10-02-2012 09:55 AM
You mean the word mschap should actually be typed in after the password with a space?
(another example) password123 mschap
10-02-2012 10:58 AM
Correct.
10-02-2012 12:19 PM
Same error.
10-02-2012 12:21 PM
Tony,
Please attach the configuration.
Thanks.