Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RSA + RADIUS Authentication issue with 3080 Concentrator

I know, the 3080 is EOL many moons ago.  The fact is we're just getting ready to migrate to a new VPN platform but we're also migrating to RSA as a token server.  The RSA migration needs to happen first, so I'm trying to work out how to have both and External RADIUS and RSA authentication in parallel, while people move from one to the other.

I have the VPN Concentrator pointing to an ACS server for the External RADIUS server, and pointing directly to an RSA server for the SDI tokens.

The External RADIUS server is set up as Global (under Configuration | Servers | Authentication)  where the RSA server is set up under the RSA Migration group (Configuration | User Management | Groups | Authentication Servers)

When I test my RSA token account from the RSA server under the RSA Migration Group, it authenticates perfectly.  However, once I try from my VPN Client, it fails with a 427 error. (see attached log file)

On the VPN side I see this in the logs:

3361 01/24/2014 15:50:31.150 SEV=4 AUTH/9 RPT=5

Authentication failed: Reason = No active server found

handle = 628, server = (none), user = raymond kallas

To me this looks like the Concentrator is having an issue with where to send the auth request, but I'm not positive.

Any advise is greatly appreciated.


CreatePlease login to create content