
Authorization failed since upgrading VPN 3030 from 4.1.7 to 4.7.2b

dbourque
Level 1

Since upgrading our 3030 VPN box from 4.1.7 to 4.7.2b, end users cannot connect to the box.

The certificate is validated, the group is selected, the Cisco VPN params are downloaded from the ACS, SecurID is authenticated, and everything reports OK, but the session terminates with this message. We didn't change anything in the ACS or VPN config. I have tested the group communication between the 3030 and ACS.

50472 10/12/2005 17:27:15.940 SEV=4 AUTH/88 RPT=8 69.70.20.102

Authorization failed: Reason = No active server found

handle = 20, server = (none), user = bouxxx

Any idea?


wong34539
Level 6

The issue may be due to the Firewall that needs to be configured to communicate with a TACACS+ or RADIUS server.

To resolve this issue, perform these steps:

Configure Authentication, Authorization and Accounting (AAA) on the PIX Firewall and AAA server.

Re-enable extended authentication (Xauth).

Retry the client VPN connection.

No, we have opened a case with TAC and sent our 3030 and ACS configurations, and Cisco has been able to reproduce the problem. It is a bug in Cisco code with external group in releases 4.7.1 and 4.7.2 but not in 4.1.7 and 4.7.0. We are waiting for a fix.

d-g-c
Level 1

Did you ever get this problem resolved? I'm seeing something similar after an upgrade to 4.7.2 where authorization is failing. Can't find anything relating to this in the TAC Bug Tool.

The case was opened, the analyst was able to reproduce the problem, and he told us that he sent it to development.

No news since... Anyway, we were upgrading hoping to solve another problem that was finally created by a bad parameter in the VPN configuration... My fault in fact.
