Problem with communication between RADIUS server and 3080 Concentrator

Unanswered Question
Jun 5th, 2008

I have a Cisco 3080 VPN concentrator. It is currently configured for Lan-to-Lan VPNs as well as IPSec clients. The client groups are configured to use IP address pools that are configured on the 3080 and their authentication is passed to the RADIUS server (ACS) where the user accounts are configured. I currently have 97 different groups configured and 12 Lan-to-Lan connections configured.

For all existing groups configured on the 3080 to use the RADIUS server for authentication, the authentication server test from the

3080 to the RADIUS works fine (authenticates successfully). However, I am trying to add a new group today and when I configure the authentication server for the new group and test to the RADIUS server using a valid account I receive an error of "An error has occurred whil attempting to perform the operation. AUTHENTICATION ERROR: No active server found." Any ideas as to why this would happen. The server secret is correct; I have checked and double checked and even deleted it and added it again. No change for this one new group that I am trying to add; all other groups are working fine and authentication is successful.

Any ideas, questions, comments would be more than appreciated. Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Fri, 06/06/2008 - 04:16

Melissa

There are 2 places where the authentication server can be configured. There is a global definition of authentication server. And there is an option at the group level to specify the authentication server. Your symptoms suggest that the authentication server was configured at the group level for the groups that work and may not have been configured at the group level for your new group.

A way to check this would be to go to group configuration. Select one of the groups that does work. Then select the option for authentication server. If it shows a server configured then the solution is to select your new group, select the authentication server option and specify your authentication server.

HTH

Rick

Actions

This Discussion