Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4, VPN and Radius

I am trying to get our vpn users to authenticate against a windows database using radius in ACS 4.0. We use Checkpoint for our vpn and it seems to be passing on the radius request to the acs server. If I look in failed attempts log on the acs all I see is "External DB user invalid or bad password". I have a group in windows mapped to a group in the ACS server, but I am not sure if the settings for that group are correct. Should I be using any of the IETF attributes? or just leave them alone? I have checked the keys, configuration of the checkpoint and can't get this to work. Any idea?

New Member

Re: ACS 4, VPN and Radius

When I look in the failed attempts it shows that it is trying to authenticate against the "default group" instead of the group I have mapped the users to in active directory? How does ACS decide which group to use?

New Member

Re: ACS 4, VPN and Radius

Both groups are different, and in my point of view they dont have any realtionship with each other.

ACS and AD is installed on same machine? if not then acs machine must join the domain and configure the unknown user policy.

Just change the name of default group.