cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1000
Views
0
Helpful
4
Replies

VPN 3000 Concentrator Authentication Error.

subashmbi
Level 1
Level 1

Hi Team,

I am facing the Authentication error in Concentrator.

Scenario :-

Concentrator is integrated with AD.

Error:-

---

2451 11/22/2009 13:20:35.550 SEV=3 AUTH/5 RPT=19132 86.62.198.251
Authentication rejected: Reason = Unspecified
handle = 396, server = 172.27.1.13, user = 23733, domain = <not specified>

1 Accepted Solution

Accepted Solutions

mopaul
Cisco Employee
Cisco Employee

Hi subashmbi,

Gotta following questions for you :-

1. Which authentication protocol is in use with AD ?

2. By any chance the user "23733" for whom you are seeing Authentication error, is a part of mulitple groups defined in AD ?

As a quick test., try to switch the VPN group to NT domain authentication and let me know how it goes...

If NT does not work then try LOCAL authentications.

Awaiting your response with answers to the questions asked above and the test results with NT and LOCAL ...

Regards

M

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

View solution in original post

4 Replies 4

mopaul
Cisco Employee
Cisco Employee

Hi subashmbi,

Gotta following questions for you :-

1. Which authentication protocol is in use with AD ?

2. By any chance the user "23733" for whom you are seeing Authentication error, is a part of mulitple groups defined in AD ?

As a quick test., try to switch the VPN group to NT domain authentication and let me know how it goes...

If NT does not work then try LOCAL authentications.

Awaiting your response with answers to the questions asked above and the test results with NT and LOCAL ...

Regards

M

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

Hi,

Thanks for the update.

Answers are inline.

Gotta following questions for you :-

1. Which authentication protocol is in use with AD ?

Kerboros

2. By any chance the user "23733" for whom you are seeing Authentication error, is a part of mulitple groups defined in AD ?

Yes, If we create the new user with same group, it is working fine without error.

As a quick test., try to switch the VPN group to NT domain authentication and let me know how it goes...

If NT does not work then try LOCAL authentications.

Current scenario is using NT authentication with this group only some user (2-3) is facing problem .

Awaiting your response with answers to the questions asked above and the test results with NT and LOCAL ...

Regards

M

Hi Subash,


So it worked with NT as authentication except 2-3 users. Is that correct ?

Also, the new user you created, works fine for that group in AD using kerbros.

Please confirm both the points i have raised above.



Regards

M

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

Hi,

So it worked with NT as authentication except 2-3 users. Is that correct ?

Yes.

Also, the new user you created, works fine for that group in AD using kerbros.

Yes.

Please confirm both the points i have raised above.

Tomorrow i will try with local Authentication.

Rgds

Subash