I have the following setup that needs assistance:
VPN concentrator 3005 running code 4.7.2.N latest
code. VPN public interface IP address is 4.2.2.2.
VPN private interface IP address is 192.168.2.20/28
There is NO filter on the public interface.
On the 192.168.2.0/28 network, I have a Cisco ACS
3.2 running win2k3 and an RSA SecurID Server.
ACS Server IP is 192.168.2.17/28 and RSA Server
is 192.168.2.18/28. The default gateway for these
servers is 192.168.2.20. The Win2k3 running ACS is also
a Microsoft Active Directory as well. I configured
the VPNc to use ACS radius server and external database
is the RSA SecurID server.
I configured 3 different groups on the ACS, Native_ACS,
Active_Directory, and RSA_SecurID group. I configured
the ACS and the VPN concentrator according to this
example:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094a03.shtml
I have 3 users, vpn3k is native ACS user, test1 is an
account on the RSA SecurID Server, and lcs1 is an account
on the AD server. When I tested the AAA authentication,
VPN concentrator tells me that all 3 accounts are good.
Now I set up the concentrator for PPTP connection,
vpn3k and lcs1 users can connect just fine. However, test1
which is a SecurID account can NOT connect at all.
Another weird issue is that if I enable "msCHAPv2" in the
basegroup for PPTP, vpn3k can connect just fine, but lcs1
user, which is an Active Directory account, can NOT connect
at all, even though clearly in the VPNc log, it states that
this user passed msCHAPv2 authentication:
437 01/29/2008 12:17:21.540 SEV=5 PPP/8 RPT=27 192.168.5.99
User [lcs1]
Authenticated successfully with MSCHAP-V2
Anyone know of a solid book/site regarding cisco VPN concentrator
for remote access for PPTP and IPSec? It looks to me that
even CCIE caliber people do not have a solid understanding of
the VPN concentrator due to many features/options that this device
has.
But first and foremost, I need a solution to this issue. Thanks.