cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
743
Views
0
Helpful
3
Replies

VPN concentrator to ASA migration - auth. issue

mchockalingam
Level 1
Level 1

Hi All,

I am in the process of migrating the remote access VPN (IPSec) from VPN 3020 to ASA. Local authentication works fine. If I add IAS radius servers for authentication, then I get the following error message

Secure VPN connection terminated by Peer.

Reason 433: (Reason Not Specified by Peer)

Packet capture shows IAS server returning "access-reject". IAS server is configured the same way as the VPN 3020.

I am running 8.0(0) code on the ASA. Any idea what is causing it?

1 Accepted Solution

Accepted Solutions

Hi,

Did you specified the shared secret between asa and IAS?

Did you specified in RADIUS server that ASA is allowed to send queries? In other word did you specified that ASA is a valid NAS?

This link may be useful: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

I hope this helps.

Best regards.

Massimiliano.

View solution in original post

3 Replies 3

Hi,

Did you specified the shared secret between asa and IAS?

Did you specified in RADIUS server that ASA is allowed to send queries? In other word did you specified that ASA is a valid NAS?

This link may be useful: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

I hope this helps.

Best regards.

Massimiliano.

dcarlton
Level 1
Level 1

The 3030 always sent the domain by default but the ASA does not send it unless the user enters it. Check the System event log on the IAS server and look at the fully-qualified-user-name entry and make sure the domain is correct.

Can you paste the entire System event entry for a user that's being rejected?

Problem solved!

It was the shared secret key after all. I went back to the IAS server guy and asked him to confirm the shared secret and I was using 'l' instead of '1' (one). I entered the correct key and it started working.

Thanks for all the suggestions.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: