VPN3000 to ACSv5, wont give up IAS

Unanswered Question
Jul 15th, 2009

Hello

I am setting up a pair of ACS v5 appliances to talk to Active Directory for a Cisco VPN Concentrator 3060. I have setup the ACS servers and put them in the VPN under CONFIGURATION - SYSTEM - SERVERS - AUTHENTICATION, and when I use the “test” button to test them they work great.

The problem is that prior to using the ACS appliances we were using a Microsoft IAS server to do the RADIUS, it worked but we are retiring it. Under the AUTHENTICATION settings we moved the IAS server to the bottom of the list…

Internal

ACS Server 1

ACS Server 2

MS-IAS

But for some reason any Active Directory user that logs in still gets authenticated to the IAS server, remember that when we use the “test” button on either of the ACS servers they return “Authentication Successful”. We tried deleting the IAS server and after that nobody can log in, when we put it back they can log in again.

Its like ACS only works in the test function. Please help.

e-

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
slmansfield Thu, 07/16/2009 - 07:21

Assuming you are testing and logging into VPN with the same userid, I think the difference between the test function and logging into VPN is that VPN uses group settings for the userid. You might check to see if the authentication setting for the group (or base group) is RADIUS. Authentication is on the IPSEC tab for the group.

HTH

Actions

This Discussion