02-01-2004 04:38 AM - edited 02-21-2020 01:01 PM
Hi forum,
I have set up a deployment for L2TP/IPsec where wireless clients authenticate against an ACS server via a VPN 3000 concentrator.
ACS is configured to search for users in Active Directory.
The problem is that the user is successfully authenticated only after 5-6 attempts.
I get the following error on the concentrator:
1212 01/30/2004 16:40:39.370 SEV=6 AUTH/6 RPT=622 69.78.5.93 Authentication challenge: handle = 972, server = 10.129.45.200, user = vnrcorl@csl.gov
1214 01/30/2004 16:40:43.430 SEV=4 AUTH/15 RPT=457 Server name = 10.129.45.200, type = RADIUS, group = none (global server), status = Not-in-service
1216 01/30/2004 16:40:43.430 SEV=4 AUTH/9 RPT=283 69.78.5.93 Authentication failed: Reason = No active server found handle = 972, server = (none), user = vnrcorl@csl.gov
1218 01/30/2004 16:40:43.430 SEV=4 PPP/46 RPT=118 Authentication Subsystem error: No active server found
Does anyone have a suggestion for this unstable behavior?
Regards.
Yossi Mor
02-02-2004 02:45 PM
The meaning of this error is that the concentrator attempted to send the authentication request to the ACS server but didn't receive a reply from it. What do you see in the ACS logs? Do you see that it receives the authentication request? If so, do you see the authentication passing when querying Active Directory? If so, then probably a sniffer trace between the ACS and concentrator should be collected to see if the ACS is indeed sending the authentication accept message back to the concentrator or if it never sends it. This can be caused by many, many, many factors (e.g. sporadic connectivity problems between the concentrator and ACS, ACS never receiving the reply from concentrator, etc.).
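An added example, not part of the original reply: a small parser that pairs each AUTH/6 challenge with the AUTH/9 "No active server found" failure for the same handle and reports how long the concentrator waited, which is the window to look for in the ACS logs and the sniffer trace. The sample lines are constructed in the layout of the events quoted in the question, and the function and field names are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample in the same layout as the concentrator events quoted in
# the thread (sequence, date, time, SEV, class/event, RPT, optional peer, text).
SAMPLE_LOG = """\
101 01/30/2004 16:40:39.370 SEV=6 AUTH/6 RPT=1 198.51.100.7 Authentication challenge: handle = 11, server = 192.0.2.10, user = alice@example.com
103 01/30/2004 16:40:43.430 SEV=4 AUTH/15 RPT=1 Server name = 192.0.2.10, type = RADIUS, group = none (global server), status = Not-in-service
105 01/30/2004 16:40:43.430 SEV=4 AUTH/9 RPT=1 198.51.100.7 Authentication failed: Reason = No active server found handle = 11, server = (none), user = alice@example.com
107 01/30/2004 16:40:43.430 SEV=4 PPP/46 RPT=1 Authentication Subsystem error: No active server found
"""

EVENT = re.compile(
    r"^(?P<seq>\d+) (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) "
    r"SEV=(?P<sev>\d+) (?P<cls>[A-Z]+/\d+) RPT=\d+ (?P<text>.*)$"
)
HANDLE = re.compile(r"handle = (\d+)")
SERVER = re.compile(r"server = (\S+?),")
DOWN = re.compile(r"Server name = (\S+?), .*status = Not-in-service")

def parse(log):
    """Yield (event class, timestamp, message text) for each well-formed line."""
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
            yield m["cls"], ts, m["text"]

def unanswered_requests(log):
    """One record per handle whose challenge ended in 'No active server found'."""
    pending, down, out = {}, set(), []
    for cls, ts, text in parse(log):
        h = HANDLE.search(text)
        if cls == "AUTH/6" and h:
            # Remember when the request was sent and to which server.
            pending[h[1]] = (ts, SERVER.search(text)[1])
        elif cls == "AUTH/15" and (d := DOWN.search(text)):
            down.add(d[1])
        elif cls == "AUTH/9" and h and "No active server found" in text and h[1] in pending:
            start, server = pending.pop(h[1])
            out.append({"handle": h[1], "server": server,
                        "wait_s": round((ts - start).total_seconds(), 3),
                        "marked_down": server in down})
    return out
```

For the constructed sample this returns one record: handle 11 waited 4.06 seconds on 192.0.2.10 before that server was marked Not-in-service.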
02-18-2004 11:28 AM
What version of code are you using where VPN Client authorization via an ACS Server is supported?
I have the latest from the web site today;
Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.1.Rel Feb 12 2004 17:54:39
And all I see as options for Client/Group authentication is Radius, NT Domain, SDI, Kerberos and Internal.
I'd love to use my ACS server for Client Authentication via TACACS, is that possible?
02-19-2004 12:22 AM
Hi,
I am using software version 4.0 on the VPN 3004.
I believe that there is no problem working with TACACS since ACS supports that protocol. I did not try that option.
Regards.
Yossi Mor