Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Vista resident VPN client unable to authenticate through ACS Server

We have users attempting to connect to our VPN concentrator externally. It looks like the connection is made and then it is checking for username/password. After that it just does not connection [or authenticate] This points me to the ACS server the Concentrator is using for Radius. The ACS is version 3.3.

The ACS is set up to check against windows active directory. IT works fine with XP just not Vista...

Any ideas?

8 REPLIES
Cisco Employee

Re: Vista resident VPN client unable to authenticate through ACS

Hi,

Do you see any entry in failed attempts for the Vista clients ?

Regards,

Vivek

New Member

Re: Vista resident VPN client unable to authenticate through ACS

Hi,

I have the latest vista vpn client and I am able to connect through our VPN connectrator using ACS for authentication with AD. Check the logs on your ACS and try debugging ont he client itself.

New Member

Re: Vista resident VPN client unable to authenticate through ACS

I am getting an error on the ACS .. 'auth type not supported by External DB' ..

I am not using the Cisco client but the VPN client connection built into Vista.

Any ideas on the error?

New Member

Re: Vista resident VPN client unable to authenticate through ACS

The ACS is set to query Active directory first then a linux ldap server IF the ACS cannot determine if they are in the cisco secure database

Cisco Employee

Re: Vista resident VPN client unable to authenticate through ACS

Hi,

Can you try it without using MPPE encryption.

If it works, then you have to play around with authentication settings(MSCHAP v1 ,MSCHAP v2) on the Conc and on the client.

This link would help you :

http://cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080094310.shtml

HTH,

-Kanishka

Cisco Employee

Re: Vista resident VPN client unable to authenticate through ACS

Hi,

Active Directory does not support Chap and LDAP does not support Chap/mschap.

Regards,

Vivek

New Member

Re: Vista resident VPN client unable to authenticate through ACS

AD does support MSCHAP2 yes?

There must be other engineers or cases on file in cisco speaking to this issue or at least a best practice configuration to get the connection between the Vista built in client and authentication through the ACS...

Cisco Employee

Re: Vista resident VPN client unable to authenticate through ACS

Hi,

AD supports MSchap but not Chap.

Regards,

Vivek

275
Views
0
Helpful
8
Replies
CreatePlease login to create content