VPN Authentication against Windows 2000 Mixed-Mode Server
I have a client with a VPN 3005 concentrator, and they want to authenticate against their Windows 2000 Active Directory. However, the AD servers are running in Mixed-mode.
I have tried to configure the VPN 3005 concentrator to authenticate against the AD server, and although it recognises the domain and username, it will not authenticate (I always get an 'invalid password' message). Has anyone else experienced a similar problem/got this working?
Re: VPN Authentication against Windows 2000 Mixed-Mode Server
That is odd. I can't think of anything kerberos / AD related that changes via the switch to native mode.
If you are using digital certs, you can use group matching rules under "Policy Matching" rules. This can probably get unwieldy, and would be nowhere as easy as using nt/ad groups, although I haven't played with the kerberos/ad auth features yet.
I would open a case with TAC - I truly cannot think of *any* reason why there would be a problem with mixed mode.