I am trying to set up my ASA 500 to authenticate remote users against our internal Domain Controllers.
I have found a guide on the net which has advised me how to create an AAA Server group which tests out to query the servers fine.
I have then created a Connection profile which uses the new AAA group for authentication.
However, I am a bit confused as the details that need to be entered in to the Cisco VPN client.
I enter the group name and password but get an error in the syslog saying that the tunnel group nae is unknown.
Can any one point me in the right direction?
Mario De Rosa
Collect the debugs on the ASA:
debug cry isa 127
debug cry ipsec 127
Collect the VPN client logs (set to 3-high for all)
If you see anything about invalid hash theres still a problem with the password you have configured.
Even if you dont see a problem with the hash the above logs should give you an idea why its failing. Not everything will make sense to someone who doesnt read these all day, but just try to glance them over and see if you see anything that jumps out or compare them to a working set of logs and you should be able to find the problem.