
VPN3000 to ACSv5, won't give up IAS

Eric Hansen
Level 1

Hello

I am setting up a pair of ACS v5 appliances to talk to Active Directory for a Cisco VPN Concentrator 3060. I have set up the ACS servers and put them in the VPN under CONFIGURATION - SYSTEM - SERVERS - AUTHENTICATION, and when I use the “test” button to test them they work great.

The problem is that prior to using the ACS appliances we were using a Microsoft IAS server to do the RADIUS; it worked, but we are retiring it. Under the AUTHENTICATION settings we moved the IAS server to the bottom of the list…

Internal

ACS Server 1

ACS Server 2

MS-IAS

But for some reason any Active Directory user that logs in still gets authenticated to the IAS server. Remember that when we use the “test” button on either of the ACS servers they return “Authentication Successful”. We tried deleting the IAS server and after that nobody can log in; when we put it back they can log in again.

It's like ACS only works in the test function. Please help.

e-

1 Reply

slmansfield
Level 4

Assuming you are testing and logging into VPN with the same userid, I think the difference between the test function and logging into VPN is that VPN uses group settings for the userid. You might check to see if the authentication setting for the group (or base group) is RADIUS. Authentication is on the IPSEC tab for the group.

HTH