Can SSL VPN Client user be put into a group?

king06aaa
Level 1

I have a 3015 VPN Concentrator. On that concentrator I have several IPSec groups but also have users that use the SSL Client. Can the users that come in using the SSL client be put into a group so I can authenticate them internally to the concentrator?

5 Replies

Kamal Malhotra
Cisco Employee

Hi,

Yes, you can use a specific group for the SSL client, create users and bind those to the specific group created. Just make sure that WebVPN is enabled for the group you created.

HTH,

Please rate if it helps,

Regards,

Thanks for your reply. I actually tried doing that, but it didn't work. I created a group and only had WebVPN enabled (disabled IPSec, etc.). Then I created a user that had that group. I thought that would work, but every time I tried to log on via SSL client, the authentication failed. I looked in the log and it was trying to authenticate to the Active Directory, which of course wouldn't work.

I didn't do anything under the IPSec tab where you specify the authentication method because it seemed to me that I wouldn't be using IPSec so that setting would be irrelevant.

What am I doing wrong?

Hi,

You are not doing anything wrong except trying to get around the default behaviour.

WebVPN authentication requests don't fall back to the second entry in the authentication server list configured in the global mode. Whatever is the first entry, the concentrator tries to authenticate the user accordingly. It seems that you have AD at the top of the list.

HTH,

Please rate if it helps.

Regards,

Kamal

You are correct, I do have internal last in my authentication list. But I don't really know what to do about that, because most of the users that come in I want to authenticate against a RADIUS server or the AD. If I moved internal to the top of my authentication list, wouldn't that screw up the authentication for all my AD users? They wouldn't have entries internally to the concentrator, and since it was first in the list, wouldn't it try to authenticate internally and thereby fail?

I have the same problem. If I change the order of the authentication servers (the internal over the RADIUS), the WebVPN user logs on OK, but the rest of the Active Directory users never connect.