cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
952
Views
0
Helpful
7
Replies

Migration VPN scenario from ACServer 4.2 to ACSystem 5.3.

andrea.meconi
Level 2
Level 2

Hello.

I'm using Cisco Secure ACS 4.2 for Windows to configure and authenticate VPNs external groups and users on VPN 3K concentrator.

Now I'm migrating to AC System 5.3.

I'm trying to configure the new system to do the same work.

I have configured a new access profile with all RADIUS attributes, than an access policy.

IPSec Phase 1 completed successfully but VPN client doesn't procede with XAUTH.

ACS View reports the correct rule and access service.

Any ideas?

Thanks.

Regards.

Andrea

1 Accepted Solution

Accepted Solutions

Andrea,

What patch are you on? If you are at the latest patch then I would suggest opening a tac case.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

7 Replies 7

Tarik Admani
VIP Alumni
VIP Alumni

Can you post a screenshot of your ACS 4.x user or group configuration and a screenshot of the authorization profile you built?

Thanks.

Tarik Admani
*Please rate helpful posts*

Hello Tarik and many thanks for your help.

I'm going to collect info...

...Reading the concentrator's log I can find a IPSec connection type L2L related to my test.

ACS 5.3 is configured for a RA connection type.

Andrea

Andrea,

Can you remove the ; after the class attribute, and also please take a screenshot of the successful user authentication record in ACS 5.x can you verify that you are hitting the correct rule? Everything seems to be correct with respect to the group settings

Tarik Admani
*Please rate helpful posts*

Tarik,

I remove the ; and test the VPN without success.

ACS authenticates correctly and uses rule #0.

Regards.

Andrea

Andrea,

What patch are you on? If you are at the latest patch then I would suggest opening a tac case.

Thanks,

Tarik Admani
*Please rate helpful posts*

Yes, we are using the last one.

Thanks.

Regards.

Andrea

We need to remove the Tunnel-Type attribute to work.

Regards.

Andrea

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: