VPN 3005 authentication against ACS 5.0

May 12th, 2010
I have a VPN 3005 configured to authenticate against a Cisco Secure ACS 4 server and all users are connecting successfully via this method. I have installed an ACS 5.0 server and configured the relevant policies, defined the ACS server on the VPN 3005 and tested authentication (test is successful). When I try to connect in via VPN the connection fails, and in the logs on the VPN concentrator the new ACS server is going out of service - Server name = y.y.y.y, type = RADIUS, group = x, status = Not-in-service. It is associated with the correct group and the test authentication works. Are there compatibility issues between the VPN 3005 and ACS 5.0? The VPN 3005 is running 4.7.2.P and the ACS is 5.0.0.21. Any ideas?

Jatin Katyal Thu, 05/13/2010 - 19:14
User Badges: Cisco Employee

Damian,


Just wanted to give you some more information. This is actually a known issue with ACS 5.0, and an upgrade to 5.1 was the only solution.


Access policy rule was not matching. Also, could not use RADIUS as hitting CSCsy17858.

Used TACACS+ instead of RADIUS.


Here are the bug details: CSCsy17858


<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>


Incorrect handling of Tunnel-Type & Tunnel-Client-Endpoint attrs



HTH


JK
