Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Hello.

I'm using Cisco Secure ACS 4.2 for Windows to configure and authenticate VPNs external groups and users on VPN 3K concentrator.

Now I'm migrating to AC System 5.3.

I'm trying to configure the new system to do the same work.

I have configured a new access profile with all RADIUS attributes, than an access policy.

IPSec Phase 1 completed successfully but VPN client doesn't procede with XAUTH.

ACS View reports the correct rule and access service.

Any ideas?

Thanks.

Regards.

Andrea

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Andrea,

What patch are you on? If you are at the latest patch then I would suggest opening a tac case.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
7 REPLIES

Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Can you post a screenshot of your ACS 4.x user or group configuration and a screenshot of the authorization profile you built?

Thanks.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Hello Tarik and many thanks for your help.

I'm going to collect info...

...Reading the concentrator's log I can find a IPSec connection type L2L related to my test.

ACS 5.3 is configured for a RA connection type.

Andrea

Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Andrea,

Can you remove the ; after the class attribute, and also please take a screenshot of the successful user authentication record in ACS 5.x can you verify that you are hitting the correct rule? Everything seems to be correct with respect to the group settings

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Tarik,

I remove the ; and test the VPN without success.

ACS authenticates correctly and uses rule #0.

Regards.

Andrea

Re: Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Andrea,

What patch are you on? If you are at the latest patch then I would suggest opening a tac case.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

Yes, we are using the last one.

Thanks.

Regards.

Andrea

New Member

Re: Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

We need to remove the Tunnel-Type attribute to work.

Regards.

Andrea

546
Views
0
Helpful
7
Replies
CreatePlease to create content