3000 Internal authentication problem

kitprice1 · ‎09-23-2007

Hello,

I am connecting to the concentrator fine with PPTP, the user that is failing is a HW client which is a GROUP, using a group name and user name that are different than me. When I set

"authentication" to none, the HW client connects. When I set "authentication" to INTERNAL, I get this in the EVENT log - [A user attempted to log on using only group credentials:]

I am using INTERNAL authentication. PPTP users do not have a problem, I think this is an IPSec issue of some kind.

Thanx

aghaznavi · ‎09-28-2007

If a Cisco VPN 3000 series concentrator is set up for internal authentication with only group accounts configured and no user accounts configured, then a VPN client logging in using PPTP or IPSEC user authentication succeeds by using a group name/password as login credentials. For VPN client connections using IPSEC user authentication, the Cisco VPN series concentrator will not allow the VPN client to use the same group name/password as what is configured in the VPN client's connection properties, but if another group account exists on the concentrator, then using its group name/password the VPN client can authenticate to the VPN concentrator. The Cisco VPN 3002 Hardware Client does not support PPTP or incoming connections and therefore is not vulnerable to this problem