04-01-2003 01:23 AM - edited 03-10-2019 07:14 AM
Hi!
I have a problem getting authentication between RSA Radius 5.0 and a VPN 3005. I can ping from 3005 to Radius server and vice versa.
After setting everything up, I tried to do the first elementary thing:
to test the authentication from the VPN3005. In the log I can read the following.
Server name = 10.5.212.55, type = RADIUS,
group = none (global server), status = Not-in-service
11656 04/01/2003 09:17:54.370 SEV=4 AUTH/11 RPT=298 62.119.92.67
Accounting failed: Reason = No active server found
handle = 730, server = 10.5.212.55, user = test
11665 04/01/2003 09:18:53.370 SEV=4 AUTH/15 RPT=690
Server name = 10.5.212.55, type = RADIUS,
group = none (global server), status = Active
I've also tried from the "outside"
Initializing the connection...
Initiating TCP to 62.127.101.212, port 10000...
Contacting the gateway at 62.127.101.212...
Remote peer is no longer responding.
And then I can read the following in the log
11697 04/01/2003 09:26:51.870 SEV=3 AUTH/5 RPT=32 62.119.92.67
Authentication rejected: Reason = Unspecified
handle = 733, server = 10.5.212.55, user = BComTech, domain = <not specified>
11699 04/01/2003 09:26:51.870 SEV=4 IKEDBG/65 RPT=30 62.119.92.67
Group [BComTech]
IKE AM Responder FSM error history (struct &0x3948ed8)
<state>, <event>:
AM_DONE, EV_ERROR_CONT
AM_DONE, EV_ERROR
AM_BLD_MSG2, EV_GROUP_FAIL
AM_BLD_MSG2, NullEvent
I guess I'm missing something pretty much basic.
Anyone who can enlighten me?
Best regards
Johan
04-03-2003 05:27 AM
Hello Johan,
I see in the log that no active server was found. That can mean that the ACS server doesn't know what NAS can connect to the ACE server. So create the NAS server on the ACS server as a client.
Also create the ACS server as a client on the server itself. Take care of the key, which is case sensitive.
Another thing to test is if the token is working fine. There is a possibility to test the token directly on the server before testing it on the VPN.
Then you can see that the token is working fine and also synchronised with the server. After that you can try it from the vpn.
04-03-2003 05:42 AM
Thanks for the input!
I managed to get it to work before reading your reply.
Because it's my first time installing an RSA server, I made some basic mistakes.
I found a useful PDF document on the RSA website that cleared up a few things.
So now everything works fine.
Thanks anyway, appreciate the response.
Best Regards
Johan
04-03-2003 05:59 AM
What was the solution ????
04-03-2003 06:27 AM
Hi again!
Well, there was quite a lot to alter.
First, the "Group" created in the 3005: I had to change that from "External" type to "internal". Then choose SDI authentication under the "IPSEC" tab.
Then, under Configuration/system/servers/authentication, select SDI on "server type". Before I had chosen "Radius".
Further on, create a group in the RSA server with the same name as in the VPN 3005 and assign the users to that group as well.
Assuming you are more competent than me, I guess I don't have to go into the details regarding creating users, assigning tokens and so on.
Though, if you have more questions I'd be happy to answer them.
Kind regards
Johan
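Added example, not part of the thread and not Cisco or RSA code: a small parser for the concentrator log lines quoted in the first post, which pulls out the authentication server's status changes and the AUTH failures with their reasons. The header layout is inferred only from the lines shown above, and the function names are hypothetical.

```python
import re

# Header layout as seen in the thread: seq, date, time, SEV=<n>, <CLASS>/<id>, RPT=<n>, optional peer.
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\S+) (?P<time>\S+) SEV=(?P<sev>\d+) "
    r"(?P<cls>[A-Z]+)/(?P<num>\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$")
# "key = value" pairs on continuation lines; "<not specified>" is kept whole.
PAIR = re.compile(r"(\w[\w ]*?) = (<[^>]*>|[^,]+)")

# Log lines copied from the first post; the first two arrive without their header line.
SAMPLE = """\
Server name = 10.5.212.55, type = RADIUS,
group = none (global server), status = Not-in-service
11656 04/01/2003 09:17:54.370 SEV=4 AUTH/11 RPT=298 62.119.92.67
Accounting failed: Reason = No active server found
handle = 730, server = 10.5.212.55, user = test
11665 04/01/2003 09:18:53.370 SEV=4 AUTH/15 RPT=690
Server name = 10.5.212.55, type = RADIUS,
group = none (global server), status = Active
11697 04/01/2003 09:26:51.870 SEV=3 AUTH/5 RPT=32 62.119.92.67
Authentication rejected: Reason = Unspecified
handle = 733, server = 10.5.212.55, user = BComTech, domain = <not specified>
"""

def parse_events(text):
    """Group each header line with the continuation lines that follow it."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append({**m.groupdict(), "fields": {}})
        elif line.strip():
            if not events:  # continuation lines whose header was cut off
                events.append({"seq": None, "cls": None, "peer": None, "fields": {}})
            events[-1]["fields"].update((k.strip(), v.strip()) for k, v in PAIR.findall(line))
    return events

def server_status(events):
    """(seq, server, status) for every event that reports a server state."""
    return [(e["seq"], e["fields"].get("Server name"), e["fields"]["status"])
            for e in events if "status" in e["fields"]]

def auth_failures(events):
    """(seq, user, server, reason) for every AUTH event that carries a Reason."""
    return [(e["seq"], e["fields"].get("user"), e["fields"].get("server"), e["fields"]["Reason"])
            for e in events if e["cls"] == "AUTH" and "Reason" in e["fields"]]
```

Calling `server_status(parse_events(SAMPLE))` shows the server moving from Not-in-service to Active, and `auth_failures(...)` lists the two failed attempts with their reasons.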