
VPN 3005 authentication against ACS 5.0

damianwhite
Level 1

I have a VPN 3005 configured to authenticate against a Cisco Secure ACS 4 server and all users are connecting successfully via this method. I have installed an ACS 5.0 server and configured the relevant policies, defined the ACS server on the VPN 3005 and tested authentication (test is successful). When I try to connect in via VPN the connection fails, and in the logs on the VPN concentrator the new ACS server is going out of service - Server name = y.y.y.y, type = RADIUS, group = x, status = Not-in-service. It is associated with the correct group and the test authentication works. Are there compatibility issues between the VPN 3005 and ACS 5.0? The VPN 3005 is running 4.7.2.P and the ACS is 5.0.0.21. Any ideas?


damianwhite
Level 1

Upgrade to ACS 5.1 resolved this issue......

Damian,

Just wanted to give you some more information. This is actually a known issue with ACS 5.0 and upgrade to 5.1 was the only solution.

Access policy rule was not matching. Also, could not use RADIUS as hitting CSCsy17858.

Used TACACS+ instead of RADIUS.

Here are the bug details: CSCsy17858

<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>

Incorrect handling of Tunnel-Type & Tunnel-Client-Endpoint attrs

HTH

JK

~Jatin