
SSL VPN authentication

lecarbajalp
Level 1

Hello,

I have an issue with SSL VPN authentication. We use an LDAP server to validate the users' credentials; some users were able to log in without problems, but others fail.

I got this from the show aaa-server protocol ldap:

Server port:     636
Server status:   ACTIVE, Last transaction at unknown
Number of pending requests              0
Average round trip time                 0ms
Number of authentication requests       3
Number of authorization requests        0
Number of accounting requests           0
Number of retransmissions               0
Number of accepts                       2
Number of rejects                       1
Number of challenges                    0
Number of malformed responses           0
Number of bad authenticators            0
Number of timeouts                      0
Number of unrecognized responses        0

Server status:   ACTIVE, Last transaction at unknown
Number of pending requests              0
Average round trip time                 0ms
Number of authentication requests       21922
Number of authorization requests        0
Number of accounting requests           0
Number of retransmissions               0
Number of accepts                       18424
Number of rejects                       3465
Number of challenges                    0
Number of malformed responses           0
Number of bad authenticators            0
Number of timeouts                      0
Number of unrecognized responses        0

Is this normal behavior? We also thought of enabling a debug for LDAP, but as this firewall manages several VPNs we discarded the idea.

Thank you.
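The counters in the post above are raw totals. As an added example (not part of the original post and not Cisco code), this Python script parses that output and reports, per "Server status" block, the reject rate and how many authentication requests were counted as neither an accept nor a reject. The function names are assumptions, and the sample text is constructed from the counters in the post.

```python
import re

# Constructed sample: a subset of the counters pasted in the post.
SAMPLE = """\
Server port:     636
Server status:   ACTIVE, Last transaction at unknown
Number of authentication requests       3
Number of accepts                       2
Number of rejects                       1
Number of timeouts                      0
Server status:   ACTIVE, Last transaction at unknown
Number of authentication requests       21922
Number of accepts                       18424
Number of rejects                       3465
Number of timeouts                      0
"""

# "Number of <name>   <value>": name and value are separated by 2+ spaces.
COUNTER = re.compile(r"^Number of (.+?)\s{2,}(\d+)\s*$")

def parse_blocks(text):
    """Return one dict of counters per 'Server status' line in the output."""
    blocks = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Server status:"):
            status = line.split(":", 1)[1].split(",")[0].strip()
            blocks.append({"status": status})
        elif blocks and (m := COUNTER.match(line)):
            blocks[-1][m.group(1)] = int(m.group(2))
    return blocks

def summarize(block):
    """Derive reject rate and requests not explained by accepts or rejects."""
    req = block.get("authentication requests", 0)
    acc = block.get("accepts", 0)
    rej = block.get("rejects", 0)
    return {
        "requests": req,
        "reject_pct": round(100 * rej / req, 1) if req else 0.0,
        "unaccounted": req - acc - rej,  # neither accepted nor rejected
        "timeouts": block.get("timeouts", 0),
    }

if __name__ == "__main__":
    for i, b in enumerate(parse_blocks(SAMPLE), 1):
        print(i, b["status"], summarize(b))
```
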


Gurpreet Puri
Level 1

Hi Luis,

Are those who are able to connect and those who are not using the same browser? Please check that the settings of their browsers are the same...

Java should be updated.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace :)
****************************

(Please Rate Helpful Post)


ju_mobile
Level 1

Luis,

In ASDM, under the LDAP server configuration, you can test a user's logon. If you run a test with an active user who is failing to connect, does it succeed or fail?

e.g.:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#asdmtest

Best Regards

Ju

http://helpamunky.wordpress.com/