10-24-2013 08:00 AM - edited 02-21-2020 07:16 PM
Hey guys,
Is there a way to see why a particular user logging into our AnyConnect VPN fails? The logon server is just an LDAP connection to our Active Directory environment. I am troubleshooting a phone VPN connection but have no way of seeing why the connection fails. Do I have to debug, or is there a menu in the ASDM that will tell me the failure reason?
Example: Bad password or username.
10-24-2013 06:47 PM
Hi,
Did you test this user using the test option in ASDM? You need to go to the server configured and use the test button. If it fails, can you collect some logs?
You can also use debug ldap 255 in the CLI.
Regards,
Sent from Cisco Technical Support iPhone App
10-27-2013 01:38 AM
If this is happening with just one user, you may need to look at the user properties. Did you check if the user account is locked out on AD?
If you want to debug that specific attempt, then please run "debug ldap 255" and run the below listed command:
test aaa authentication LDAP-GROUP host
username:xxxx
password:xxxx
Get the output.
Also, take a look at LDAP server > Event Viewer and see what errors we are getting.
~BR
Jatin Katyal
**Do rate helpful posts**
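An added example, not part of any post in this thread: when Active Directory rejects an LDAP bind it returns result code 49 with a diagnostic message carrying a hexadecimal `data` sub-code, and that sub-code separates a wrong password from a locked, disabled or expired account. The sketch below assumes the diagnostic text has been saved to a file or string from wherever it was captured; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Sub-codes Active Directory places in the diagnostic message of a failed
# bind (LDAP result 49, invalidCredentials). Values are hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

DIAG_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def classify(line):
    """Return (subcode, reason) for a line with an AD bind diagnostic, else None."""
    m = DIAG_RE.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code")

def summarize(text):
    """Count failure reasons in saved output; lines without a diagnostic are skipped."""
    hits = (classify(line) for line in text.splitlines())
    return Counter(reason for _, reason in filter(None, hits))

# Constructed sample: the diagnostic string follows the form AD returns;
# the surrounding text and DSID values are made up for illustration.
SAMPLE = """\
bind failed: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
bind failed: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1
bind ok
bind failed: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52E, v1db1
"""

if __name__ == "__main__":
    for reason, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {reason}")
```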