Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authorization failed since upgrading VPN 3030 from 4.1.7 to 4.7.2b

Since upgrading out 3030 VPN box from 4.1.7 to 4.7.2b, end user cannot connect to the box.

The certificate is validated, the group is selected, Cisco VPN param are downloaded from the ACS, Secur-Id is authenticated, everything report ok but, session terminate with this message. We didn't change anything in the ACS or VPN config. I have test the group communication between the 3030 and ACS

50472 10/12/2005 17:27:15.940 SEV=4 AUTH/88 RPT=8 69.70.20.102

Authorization failed: Reason = No active server found

handle = 20, server = (none), user = bouxxx

Any idea?

4 REPLIES
Silver

Re: Authorization failed since upgrading VPN 3030 from 4.1.7 to

The issue may be due to the Firewall that needs to be configured to communicate with a TACACS+ or RADIUS server.

To resolve this issue, perform these steps:

Configure Authentication, Authorization and Accounting (AAA) on the PIX Firewall and AAA server.

Re-enable extended authentication (Xauth).

Retry the client VPN connection.

New Member

Re: Authorization failed since upgrading VPN 3030 from 4.1.7 to

No, we have open a case with TAC and sent our 3030 and ACS configurations and Cisco have been able to reproduce the problem. It is a bug in cisco code with external group in release 4.7.1 and 4.7.2 but not in 4.1.7 and 4.7.0. We are waiting for a fix.

New Member

Re: Authorization failed since upgrading VPN 3030 from 4.1.7 to

Did you ever get this problem resolved? I'm seeing something similar after an upgrade to 4.7.2 where authorization is failing. Can't find anything relating to this in the TAC Bug Tool.

New Member

Re: Authorization failed since upgrading VPN 3030 from 4.1.7 to

The case was open, the analyst was able to reproduce the problem and he told us that he sent it to developpemment.

No news since... Anyway, we were upgrading hoping to solve another problem that was finally created by a bad parameter in the VPN configuration... My fault in fact.

197
Views
0
Helpful
4
Replies
CreatePlease login to create content