03-11-2008 08:58 AM
I configured the PIX to allow for remote users to connect using a Cisco VPN client.
The authentication is done on a RSA server which is in a different building (over a WAN), the firewall can ping the RSA without a problem.
When a user tries to connect to the firewall, I the firewall is giving me the following:
6|Mar 11 2008 16:31:22|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc
4|Mar 11 2008 16:31:22|109027: [ RADIUS ] Unable to decypher response message Server = 10.0.100.68, User = abc
6|Mar 11 2008 16:31:19|302015: Built outbound UDP connection 14292973 for inside:10.0.100.68/1645 (10.0.100.68/1645) to NP Identity Ifc:10.20.99.33/1025 (10.20.99.33/1025)
6|Mar 11 2008 16:23:09|302016: Teardown UDP connection 14291278 for inside:10.0.100.68/1645 to NP Identity Ifc:10.20.99.33/1025 duration 0:03:04 bytes 1098
6|Mar 11 2008 16:21:03|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc
4|Mar 11 2008 16:21:03|109027: [ RADIUS ] Unable to decypher response message Server = 10.0.100.68, User = abc
6|Mar 11 2008 16:21:02|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc
Looking at cisco, this message is saying that the firewall is having issues communicating with the RSA server, but I can ping it without an issue, and barely any latency.
Any idea???
03-17-2008 05:14 AM
1st have you tested so that the RSA device works with a radius testing tool
If not then thats where i would start.
it could be wrong password or that the device does not accept connections from this unit. a test tool would show you if that is the case.
03-17-2008 06:40 AM
The RSA is working with another firewall, so I know it is functioning. The issue may be that firewall that cannot authenticate with the RSA server is across a WAN which may cause an issue. I am now building another RSA server in the same site and see if that makes a difference, I'll let you know.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: