Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Authentication Failed to 2008 NPS from Cisco IOS VPN

I'm trying to authenticate VPN connections to a Windows 2008 NPS Radius server.

Local authentication works fine.

Here are cisco configs:

aaa new-model
aaa authentication login default local
aaa authentication login VPNauth group radius local
aaa authorization network VPNgroup local
aaa session-id common

ip radius source-interface Loopback0
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 xxxx


crypto map VPNMAP client authentication list VPNauth
crypto map VPNMAP isakmp authorization list VPNgroup
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
...

... other crypto commands

This is the section of the log from NPS:


Authentication Details:
    Connection Request Policy Name:    VPN
    Network Policy Name:        -
    Authentication Provider:        Windows
    Authentication Server:        x.x.x.x
    Authentication Type:        PAP
    EAP Type:            -
    Account Session Identifier:        -
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            16
    Reason:                Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

I do have PAP enabled on the Network/Connection Request Policies...

I'm stuck

Please help

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Authentication Failed to 2008 NPS from Cisco IOS VPN

Can you run a "teat aaa " command to see if the user can be authenticated successfully?

I think this might be a configuration issue on NPS. You can google it. Here is one I found, refer to "irishHam" post.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3

2 REPLIES

Re: Authentication Failed to 2008 NPS from Cisco IOS VPN

Can you run a "teat aaa " command to see if the user can be authenticated successfully?

I think this might be a configuration issue on NPS. You can google it. Here is one I found, refer to "irishHam" post.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3

New Member

Re: Authentication Failed to 2008 NPS from Cisco IOS VPN

Thanks,

Looks like the issue was the RADIUS shared key... It has to be 22 characters or longer. Mine was only 12.

6681
Views
0
Helpful
2
Replies