Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN 3005 authentication against ACS 5.0

I have a VPN 3005 configured to authenticate against a Cisco Secure ACS 4 server and all user are connecting successfully via this method.  I have installed an ACS 5.0 server and configured the relevant policies, defined the ACS server on the VPN 3005 and tested authentication (test is successfull).  When I try to connect in via VPN the connection fails and in the logs on the VPN concentrator the new ACS server is going out of service - Server name = y.y.y.y, type = RADIUS, group = x, status = Not-in-service.  It is associated with the correct group and the test authentication works, are there compatibility issues between the VPN 3005 and ACS 5.0?  The VPN 3005 is running 4.7.2.P and the ACS is 5.0.0.21. Any ideas?

Everyone's tags (4)
2 REPLIES
New Member

Re: VPN 3005 authentication against ACS 5.0

Upgrade to ACS 5.1 resolved this issue......

Cisco Employee

Re: VPN 3005 authentication against ACS 5.0

Damian,


Just wanted to give you some more information. This is actually a known issue with ACS 5.0 and upgrade to 5.1 was the only solution.


Access policy rule was not matching. Also, could not use radius as hitting CSCsy17858

Used Tacacs+ instead of radius.


Here are the bug details: CSCsy17858


<http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCsy17858>


Incorrect handling of Tunnel-Type & Tunnel-Client-Endpoint attrs



HTH


JK

~BR Jatin Katyal **Do rate helpful posts**
783
Views
0
Helpful
2
Replies
CreatePlease to create content