Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3000Concentrator - How to tell which auth server being used

We own several 3000-series concentrators. Today we had a major issue where users could not connect via Remote Access. Because we didn't have DHCP scopes specified in the concentrator, it (apparently) was pulling DHCP from the auth server being used.

Because we had 8 authentication servers in our server list, I couldn't tell which server was causing the issue.

Is there ANY way to find this information in the concentrator? I ended up having to connect to every single one...

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 3000Concentrator - How to tell which auth server being used

When you go to Configuration | User Management, you will see the defined groups in there, if you highlight the group you desire and then on the right click on the button "authentication server" you can add the authentication server that this particular group will use.

7 REPLIES

Re: 3000Concentrator - How to tell which auth server being used

Other than setting Authentication logs and go through the logs, there is no way to tell what Authentication server your CVPN is using at that time. But it really depends on whether you have it assigned to the group, if it is globally defined, if they are the same type of servers.

New Member

Re: 3000Concentrator - How to tell which auth server being used

Thank you for the reply! That clears things up a lot for me.

One other quick scenario:

Suppose there are three authentication servers, and suppose that each auth server belongs to a different domain. If three users log in and all attempt to use NT credentials, one from each domain, will it automatically use the "correct" respective auth servers?

Re: 3000Concentrator - How to tell which auth server being used

They will use the authentication server that:

1) is assigned to the group (if any)

or

2) the first authentication server on the list.

The CVPN does not differentiate the authentication server based on domains, tipically the user would enter DOMAIN\USER to authenticate but the CVPN cannot be a member of any domain to strip this and send it to the correct domain, instead it will just forward DOMAIN\USER to the authentication server that first match the request.

New Member

Re: 3000Concentrator - How to tell which auth server being used

Thanks again for the response :)

Last question:

How do I assign which auth server is associated with a specific group? I see where to assign what 'type' of auth (NTBackup, etc), but not an area to assign a specific server to a specific group (I'm looking in group config).

Re: 3000Concentrator - How to tell which auth server being used

When you go to Configuration | User Management, you will see the defined groups in there, if you highlight the group you desire and then on the right click on the button "authentication server" you can add the authentication server that this particular group will use.

New Member

Re: 3000Concentrator - How to tell which auth server being used

Ah, I had NO idea.

Thank you so much, you've been a huge help.

Re: 3000Concentrator - How to tell which auth server being used

Take care!

131
Views
0
Helpful
7
Replies
CreatePlease login to create content