10-12-2005 07:06 PM - edited 02-21-2020 02:02 PM
Since upgrading our 3030 VPN box from 4.1.7 to 4.7.2b, end users cannot connect to the box.
The certificate is validated, the group is selected, the Cisco VPN parameters are downloaded from the ACS, SecurID is authenticated, everything reports OK, but the session terminates with this message. We didn't change anything in the ACS or VPN config. I have tested the group communication between the 3030 and ACS.
50472 10/12/2005 17:27:15.940 SEV=4 AUTH/88 RPT=8 69.70.20.102
Authorization failed: Reason = No active server found
handle = 20, server = (none), user = bouxxx
Any idea?
10-18-2005 01:43 PM
The issue may be due to the Firewall that needs to be configured to communicate with a TACACS+ or RADIUS server.
To resolve this issue, perform these steps:
Configure Authentication, Authorization and Accounting (AAA) on the PIX Firewall and AAA server.
Re-enable extended authentication (Xauth).
Retry the client VPN connection.
10-18-2005 04:01 PM
No, we have opened a case with TAC and sent our 3030 and ACS configurations, and Cisco has been able to reproduce the problem. It is a bug in Cisco code with external group in releases 4.7.1 and 4.7.2 but not in 4.1.7 and 4.7.0. We are waiting for a fix.
12-02-2005 03:52 AM
Did you ever get this problem resolved? I'm seeing something similar after an upgrade to 4.7.2 where authorization is failing. Can't find anything relating to this in the TAC Bug Tool.
12-02-2005 05:57 AM
The case was opened, the analyst was able to reproduce the problem, and he told us that he sent it to development.
No news since... Anyway, we were upgrading hoping to solve another problem that was finally created by a bad parameter in the VPN configuration... My fault in fact.