Cisco Support Community

Silver

VPN 3002 and Individual User Authentication

I am attempting to get Individual User Authentication (IUA) working on a VPN3002 hardware client (client and concentrator at 3.6.1). The user details are stored on a CSACS server (2.6(1)). The static user name/password for the initial tunnel authentication (as stored on the VPN3002) are also stored in the CSACS user database. The user names used for IUA are CSACS users which are defined as SDI Token card users. These users can successfully authenticate with the VPN Concentrator when using the VPN software client.

The tunnel between the VPN3002 and the Concentrator is established successfully, but the IUA is failing. The following entries are displayed in the log file:

5967 09/18/2002 18:14:52.740 SEV=3 AUTH/5 RPT=91 195.X.X.X
Authentication rejected: Reason = User was not found
handle = 472, server = Internal, user = test.user, domain = <not specified>

5969 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=5
RADIUS Proxy received an auth reject for hw client 10.99.200.1

5970 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=6
RADIUS Proxy received an auth reject for hw client 10.99.200.1

The documentation suggests that IUA queries all the Authentication servers in turn, starting at the top of the list. This explains the three lines above: the user is not found in the internal database, and the two RADIUS (CSACS) servers are then queried in turn, but both are responding with an "authentication reject" error. The IP address 10.99.200.1 is the IP address of the private interface of the VPN3002. What could be causing this? Does anything special need to be configured within CSACS?
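
The reject sequence in the log above, grouped by timestamp to show the order in which the authentication sources answered. This is an added example, not part of the original post or of Cisco's tooling; the header layout is inferred from the three entries shown, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the three entries from the post, in the layout shown there.
SAMPLE_LOG = """\
5967 09/18/2002 18:14:52.740 SEV=3 AUTH/5 RPT=91 195.X.X.X
Authentication rejected: Reason = User was not found
handle = 472, server = Internal, user = test.user, domain = <not specified>
5969 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=5
RADIUS Proxy received an auth reject for hw client 10.99.200.1
5970 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=6
RADIUS Proxy received an auth reject for hw client 10.99.200.1
"""

# Header layout inferred from the entries above (an assumption, not a Cisco spec):
# sequence, date, time, SEV=n, CLASS/event, RPT=n, optional peer address.
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) "
    r"SEV=(?P<sev>\d+) (?P<cls>[A-Z]+)/(?P<event>\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$"
)

def parse_events(text):
    """Group each header line with the message lines that follow it."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # tolerate blank lines between entries in a pasted log
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "message": []})
        elif events:
            events[-1]["message"].append(line)
    return events

def rejects_by_timestamp(events):
    """Return, per timestamp, which source rejected the login, in log order."""
    chain = defaultdict(list)
    for ev in events:
        body = " ".join(ev["message"])
        if ev["cls"] != "AUTH" or "reject" not in body.lower():
            continue
        srv = re.search(r"server = (\w+)", body)
        hw = re.search(r"hw client (\S+)", body)
        if srv:
            source = srv.group(1)
        else:
            source = f"RADIUS proxy (hw client {hw.group(1)})" if hw else "unknown"
        chain[(ev["date"], ev["time"])].append((int(ev["seq"]), source))
    return dict(chain)
```

Three rejects sharing one timestamp, with the internal server first, is the pattern the post describes: one login attempt walking the server list from the top.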

2 REPLIES
Silver

Re: VPN 3002 and Individual User Authentication

The following is a great link for configuring IUA on the concentrator. http://www.cisco.com/warp/public/471/vpn3002-ind-usr-auth.html

New Member

Re: VPN 3002 and Individual User Authentication

In the servers section on the concentrator, move that auth server to the top.
