I have a group of wireless AP running WDS, all authentications (infrastructure and clients) are done with a Cisco ACS 3.3 which is separated by a Checkpoint firewall. Everything was working fine until recently I relocated all the APs to a different VLAN. The only change is the IP of the APs, no change to the ACS, proper rules are created on the firewall. All authentications are now failed even with the same credentials and the Autentication Failure Code in ACS is "User Access Filtered". No "Network Access Restrictions" has ever configured on ACS, why ACS is giving this error code? Looking at the log of the ACS, the only thing different is that all requests now come from a high "NAS-Port" >80000. Anyone has a clue? Thanks.
I think "User Access Filtered" message always means that a Network Access Restriction (NAR) has been configured either in the user or group settings that are blocking the user from accessing the network through the device they are connecting to. This error also may occur when the TACACS+ and the RADIUS NAS use the same IP address.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...