Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
0
Helpful
0
Replies

RSA + RADIUS Authentication issue with 3080 Concentrator

rkallas
Level 1
Level 1

‎01-27-2014 02:45 PM

I know, the 3080 is EOL many moons ago.  The fact is we're just getting ready to migrate to a new VPN platform but we're also migrating to RSA as a token server.  The RSA migration needs to happen first, so I'm trying to work out how to have both and External RADIUS and RSA authentication in parallel, while people move from one to the other.

I have the VPN Concentrator pointing to an ACS server for the External RADIUS server, and pointing directly to an RSA server for the SDI tokens.

The External RADIUS server is set up as Global (under Configuration | Servers | Authentication)  where the RSA server is set up under the RSA Migration group (Configuration | User Management | Groups | Authentication Servers)

When I test my RSA token account from the RSA server under the RSA Migration Group, it authenticates perfectly.  However, once I try from my VPN Client, it fails with a 427 error. (see attached log file)

On the VPN side I see this in the logs:

3361 01/24/2014 15:50:31.150 SEV=4 AUTH/9 RPT=5 192.168.249.62

Authentication failed: Reason = No active server found

handle = 628, server = (none), user = raymond kallas

To me this looks like the Concentrator is having an issue with where to send the auth request, but I'm not positive.

Any advise is greatly appreciated.

Ray

Labels:
15374716-RSA_Failed_Error 427.zip
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents