Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Kerberos authentication fail on ASA 5505 -Decrypt integrity-

Hi,

I'm trying to configure Kerberos authentication on ipsec-l2tp vpn tunnel. However, when I use my domain user to establish a connection I get this error:

ASA-Oslo# kerberos mkreq: 0x176

kip_lookup_by_sessID: kip with id 374 not found

alloc_kip 0xd9b9bdf0

    new request 0x176 --> 11 (0xd9b9bdf0)

add_req 0xd9b9bdf0 session 0x176 id 11

In kerberos_build_request

In kerberos_open_connection

In kerberos_send_request

********** START: KERBEROS PACKET DECODE ************

Kerberos: Message type KRB_AS_REQ

Kerberos: Option forwardable

Kerberos: Option renewable

Kerberos: Option renewable accepted

Kerberos: Client Name antonio.torres

Kerberos: Client Realm IBISTIC.LOCAL

Kerberos: Server Name krbtgt

Kerberos: Start time 0

Kerberos: End time -643858960

Kerberos: Renew until time -653409600

Kerberos: Nonce 0x5242a360

Kerberos: Encryption type rc4-hmac-md5

Kerberos: Encryption type des-cbc-md5

Kerberos: Encryption type des-cbc-crc

Kerberos: Encryption type des-cbc-md4

Kerberos: Encryption type des3-cbc-sha1

Kerberos: Address 10.40.49.1

********** END: KERBEROS PACKET DECODE ************

In kerberos_recv_msg

In kerberos_process_response

********** START: KERBEROS PACKET DECODE ************

Kerberos: Message type KRB_AS_REP

Kerberos: Client Name antonio.torres

Kerberos: Client Realm IBISTIC.LOCAL

********** END: KERBEROS PACKET DECODE ************

Kerberos library reports: "Decrypt integrity check failed"

In kerberos_close_connection

remove_req 0xd9b9bdf0 session 0x176 id 11

free_kip 0xd9b9bdf0

kerberos: work queue empty

I've been looking for documentation about this error but I was not able to figure out what's wrong. I've already also turned off 'Do not require pre-authentication' on account option.

Some one get also this error?

Any help will be more than welcome,

Thanks in advance,

Antonio

Everyone's tags (4)
298
Views
0
Helpful
0
Replies