Vista resident VPN client unable to authenticate through ACS Server

madlm · ‎02-19-2007

We have users attempting to connect to our VPN concentrator externally. It looks like the connection is made and then it is checking for username/password. After that it just does not connection [or authenticate] This points me to the ACS server the Concentrator is using for Radius. The ACS is version 3.3.

The ACS is set up to check against windows active directory. IT works fine with XP just not Vista...

Any ideas?

Vivek Santuka · ‎02-20-2007

Hi,

Do you see any entry in failed attempts for the Vista clients ?

Regards,

Vivek

efisher · ‎02-20-2007

Hi,

I have the latest vista vpn client and I am able to connect through our VPN connectrator using ACS for authentication with AD. Check the logs on your ACS and try debugging ont he client itself.

madlm · ‎02-20-2007

I am getting an error on the ACS .. 'auth type not supported by External DB' ..

I am not using the Cisco client but the VPN client connection built into Vista.

Any ideas on the error?

madlm · ‎02-20-2007

The ACS is set to query Active directory first then a linux ldap server IF the ACS cannot determine if they are in the cisco secure database

kaachary · ‎02-21-2007

Hi,

Can you try it without using MPPE encryption.

If it works, then you have to play around with authentication settings(MSCHAP v1 ,MSCHAP v2) on the Conc and on the client.

This link would help you :

http://cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080094310.shtml

HTH,

-Kanishka

Vivek Santuka · ‎02-21-2007

Hi,

Active Directory does not support Chap and LDAP does not support Chap/mschap.

Regards,

Vivek

madlm · ‎02-23-2007

AD does support MSCHAP2 yes?

There must be other engineers or cases on file in cisco speaking to this issue or at least a best practice configuration to get the connection between the Vista built in client and authentication through the ACS...

Vivek Santuka · ‎02-23-2007

Hi,

AD supports MSchap but not Chap.

Regards,

Vivek