cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1814
Views
0
Helpful
4
Replies

users cannot authenticate with vpn client3.5

rlew
Level 1
Level 1

we have w2k/nt network and using pix520 as vpn gateway. users have no problem connecting to pix and pinging hosts by name. but cannot authenticate on member servers except domain controller. any ideas?

4 Replies 4

avi
Level 1
Level 1

For the user name try typing DOMAINNAME\USERNAME

We have tried that and it doesn't work. VPN users never receive prompt for network authentication, I think this is the primary reason why the users cannot get access to the network resources.

abdul.kokumo
Level 1
Level 1

You may want to check the WINS the client are using. Also make sure that Client for Microsoft Networks are enabled on the NIC/PPP adapter which ever you are using for the connection.

Hi rlew;

I am not sure if you have IAS on w2k running as your AAA server, but I am going to assume that you do.

there are 2 authentications that take place in establishing a VPN between the client and the PIX, the first phase is the group authentication which takes place on the pix, and the second phase is when the client gets prompted with username/password window which the AAA server use to authenticate.

If you are successful in the group authentication and you are not prompted with the client username/password window it is a setting on your PIX. Make sure you have the following command enabled on the PIX

"crypto map map-name client authentication tag-name"

If the first phase is not successful you need to check your group name and password settings on the PIX and your VPN client software.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: