EAP-TLS + CA MICROSOFT + ACS 3.2 APPLIANCE = Problem

eduardo.cornejo · ‎03-01-2004

I have a Wireless Lan platform composed by equipment Access Points Cisco 1100 with ACS 3,1 and CA Microsoft.The security scheme is EAP-TLS (certificates).This architecture was completely functional. The problem took place when replacing the ACS 3,1 by the ACS 3,2 APPLIANCE, for which new certificates they were emitted by the CA of the infrastructure. The problem appears when a wireless client tries to connect to the wireless network,without obtaining the objective ,being in a state of "trying to authenticate" in networks adapters, in addition the ACS Logs appear the following message "NAS duplicated authentication attempt".

If somebody knows the reason of this problem, can be contacted to my mail (ecornejo@magenta.cl).

a-vazquez · ‎03-05-2004

The messages you are seeing are informational due to the way the authentication requests are being sent.

Which means the initial request for authentication is sent. If there is no response within a specified time, a random interval is specified for response the second try, and so forth until a response is received.

Is there any other error messge that you are getting ??

zappolinom · ‎04-02-2004

A hint i could give you that in such a scenario you need an Trusted boundary between the ACS Appliance and the MS AD/PDC. This we be realized trough an PC/Host who is a regitered member or user of the AD/PDC. This relay Computer then communicates with the MS CA. The SW that Cisco Provides is the Cisco Secure ACS Agent. Hope this helps as we found the same problem in leap authentication as the ACS Appliance could not be set into a AD/PDC Domain. This has to be realized trough this smal piece of SW installed on an PC/Host etc. wich is a active AD/PDC Member.