VPN 3002 and Individual User Authentication

I am attempting to get Individual User Authentication (IUA) working on a VPN3002 hardware client (client and concentrator at 3.6.1). The user details are stored on a CSACS server (2.6(1)). The static user name/password for the initial tunnel authentication (as stored on the VPN3002) are also stored in the CSACS user database. The user names used for IUA are CSACS users which are defined as SDI Token card users. These users can successfully authenticate with the VPN Concentrator when using the VPN software client.

The tunnel between the VPN3002 and the Concentrator is established successfully, but the IUA is failing. The following entries are displayed in the log file:

5967 09/18/2002 18:14:52.740 SEV=3 AUTH/5 RPT=91 195.X.X.X

Authentication rejected: Reason = User was not found

handle = 472, server = Internal, user = test.user, domain = <not specified>

5969 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=5

RADIUS Proxy received an auth reject for hw client

5970 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=6

RADIUS Proxy received an auth reject for hw client

The documentation suggests that IUA queries all the Authentication servers in turn, starting at the top of the list. This explains the three lines above: the user is not found in the internal database, and the two RADIUS (CSACS) servers are then queried in turn, but both are responding with an "authentication reject" error. The IP address is the IP address of the private interface of the VPN3002. What could be causing this? Does anything special need to be configured within CSACS?
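An added example, not part of the original post: a small Python parser for the event-log entries quoted above that lists, in log order, which authentication source rejected the attempt. The header layout is inferred from the three entries shown, and the function names `parse_events` and `reject_chain` are hypothetical.

```python
import re

# Header layout inferred from the post: seq, date, time, SEV, CLASS/event, RPT, optional peer IP.
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>[\d:.]+)\s+"
    r"SEV=(?P<sev>\d+)\s+(?P<cls>[A-Z]+)/(?P<event>\d+)\s+RPT=(?P<rpt>\d+)"
    r"(?:\s+(?P<peer>\S+))?\s*$"
)

# Log text copied from the post above (the address is masked there as 195.X.X.X).
SAMPLE = """\
5967 09/18/2002 18:14:52.740 SEV=3 AUTH/5 RPT=91 195.X.X.X
Authentication rejected: Reason = User was not found
handle = 472, server = Internal, user = test.user, domain = <not specified>
5969 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=5
RADIUS Proxy received an auth reject for hw client
5970 09/18/2002 18:14:52.740 SEV=5 AUTH/48 RPT=6
RADIUS Proxy received an auth reject for hw client
"""

def parse_events(text):
    """Group each header line with the message lines that follow it."""
    events = []
    # Strip each line and drop empty ones (pasted logs often have blank lines between entries).
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "message": []})
        elif events:
            events[-1]["message"].append(line)
    return events

def reject_chain(events):
    """Return (seq, source, reason) for every AUTH reject, in log order."""
    chain = []
    for ev in events:
        msg = " ".join(ev["message"])
        if ev["cls"] != "AUTH" or "reject" not in msg.lower():
            continue
        server = re.search(r"server = ([^,]+)", msg)
        reason = re.search(r"Reason = (.+?)(?: handle =|$)", msg)
        source = server.group(1) if server else ("RADIUS proxy" if "RADIUS" in msg else "unknown")
        chain.append((ev["seq"], source, reason.group(1) if reason else msg))
    return chain

if __name__ == "__main__":
    for seq, source, reason in reject_chain(parse_events(SAMPLE)):
        print(seq, source, "->", reason)
```

Only the Internal entry carries a reason string; the two RADIUS proxy entries report the reject without saying why.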


Re: VPN 3002 and Individual User Authentication

The following is a great link for configuring IUA on the concentrator.

Re: VPN 3002 and Individual User Authentication

In the servers section on the concentrator, move that auth server to the top.