Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5510 and Active directory problem

Hi I have been trying to configure Remote access VPN on an ASA 5510 using Microsoft IAS authentication. It does not seem to work.

It works only with local authentication.

I have tried different IAS servers OS running windows 2003 with and without SP1.

I can’t seem to find authentication packets reaching this IAS server. Did set up network monitoring software to do this and on debugging the AAA on the ASA it tell me that unable to reach IAS server marked down

I have attached the AAA debug

The AAA server reports the following

Server port: 1812(authentication), 1813(accounting)

Server status: FAILED, Server disabled at 04:13:58 UTC Tue Nov 8 2005

Number of pending requests 0

Average round trip time 0ms

Number of authentication requests 87

Number of authorization requests 0

Number of accounting requests 0

Number of retransmissions 39

Number of accepts 0

Number of rejects 0

Number of challenges 0

Number of malformed responses 0

Number of bad authenticators 0

Number of timeouts 87

Number of unrecognized responses 0

Can anyone help

Thanks in Advance


Re: ASA 5510 and Active directory problem

To enable the IAS server to read user objects in Active Directory

Log on to the IAS server with an account that has domain administrator credentials.

Open Internet Authentication Service

Right-click Internet Authentication Service, and then click Register Service in Active Directory. When the Register Internet Authentication Service in Active Directory dialog box appears, click OK.


To open IAS, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service. This procedure only adds the IAS server to the default domain. To add the IAS server to other domains, you must add the servers manually. To do this:

Log on the server using domain administrator credentials. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

In the console tree, select Users.

In the details pane, right-click RAS and IAS Servers, and then click Properties.

In the RAS and IAS Servers Properties dialog box, on the Members tab, add each of the IAS servers.

CreatePlease to create content