Cisco Support Community
Community Member

User Authentication fails in L2TP/IPsec conf with ACS

Hi forum,

I have set up a deployment for L2TP/IPsec where wireless clients authenticate against an ACS server via a VPN 3000 concentrator.

ACS is configured to search for users in Active Directory.

The problem is that the user is successfully authenticated only after 5-6 attempts.

I get the following error on the concentrator:

1212 01/30/2004 16:40:39.370 SEV=6 AUTH/6 RPT=622 Authentication challenge: handle = 972, server =, user = vnrcorl@c

1214 01/30/2004 16:40:43.430 SEV=4 AUTH/15 RPT=457 Server name =, type = RADIUS, group = none (global server), status = Not-in-service

1216 01/30/2004 16:40:43.430 SEV=4 AUTH/9 RPT=283 Authentication failed: Reason = No active server found handle = 972, server = (none), user =

1218 01/30/2004 16:40:43.430 SEV=4 PPP/46 RPT=118 Authentication Subsystem error: No active server found

Does anyone have a suggestion for this unstable behavior?


Yossi Mor


Re: User Authentication fails in L2TP/IPsec conf with ACS

The meaning of this error is that the concentrator attempted to send the authentication request to the ACS server but didn't receive a reply from it. What do you see in the ACS logs? Do you see that it receives the authentication request? If so, do you see the authentication passing when querying Active Directory? If so, then probably a sniffer trace between the ACS and concentrator should be collected to see if the ACS is indeed sending the authentication accept message back to the concentrator or if it never sends it. This can be caused by many many many factors (i.e. sporadic connectivity problems between the concentrator and ACS, ACS never receiving the reply from concentrator, etc).
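Added example, not part of the original posts: a small Python parser for the concentrator log lines quoted in the question. It pairs each AUTH/6 challenge with the AUTH/9 failure on the same handle and reports how long the concentrator waited and whether a server was marked Not-in-service in between, which gives timestamps to compare against the ACS logs or a sniffer trace. The field layout and event meanings are inferred only from the four lines posted.

```python
import re
from datetime import datetime

# Log lines copied from the original post; blank/truncated fields are left as posted.
SAMPLE = """\
1212 01/30/2004 16:40:39.370 SEV=6 AUTH/6 RPT=622 Authentication challenge: handle = 972, server =, user = vnrcorl@c
1214 01/30/2004 16:40:43.430 SEV=4 AUTH/15 RPT=457 Server name =, type = RADIUS, group = none (global server), status = Not-in-service
1216 01/30/2004 16:40:43.430 SEV=4 AUTH/9 RPT=283 Authentication failed: Reason = No active server found handle = 972, server = (none), user =
1218 01/30/2004 16:40:43.430 SEV=4 PPP/46 RPT=118 Authentication Subsystem error: No active server found
"""

# Layout as seen in the post: seq, date, time, SEV, CLASS/number, RPT, message.
LINE = re.compile(r"^(\d+) (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) SEV=(\d+) "
                  r"([A-Z0-9]+/\d+) RPT=\d+ (.*)$")
HANDLE = re.compile(r"handle = (\d+)")
REASON = re.compile(r"Reason = (.*?) handle =")

def parse(text):
    """Turn raw log text into event dicts, skipping blank or unrecognised lines."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            seq, ts, sev, event, msg = m.groups()
            events.append({"seq": int(seq), "sev": int(sev), "event": event, "msg": msg,
                           "time": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S.%f")})
    return events

def failed_attempts(events):
    """Pair each AUTH/6 challenge with the AUTH/9 failure on the same handle."""
    pending, down_seqs, results = {}, [], []
    for ev in events:
        h = HANDLE.search(ev["msg"])
        if ev["event"] == "AUTH/15" and "Not-in-service" in ev["msg"]:
            down_seqs.append(ev["seq"])
        elif ev["event"] == "AUTH/6" and h:
            pending[h.group(1)] = ev
        elif ev["event"] == "AUTH/9" and h and h.group(1) in pending:
            start = pending.pop(h.group(1))
            reason = REASON.search(ev["msg"])
            results.append({
                "handle": h.group(1),
                "wait_seconds": round((ev["time"] - start["time"]).total_seconds(), 3),
                "reason": reason.group(1) if reason else None,
                # True if a server was marked Not-in-service during this attempt
                "server_marked_down": any(start["seq"] < s < ev["seq"] for s in down_seqs),
            })
    return results

if __name__ == "__main__":
    for attempt in failed_attempts(parse(SAMPLE)):
        print(attempt)
```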

Community Member

Re: User Authentication fails in L2TP/IPsec conf with ACS

What version of code are you using where VPN Client authorization via an ACS Server is supported?

I have the latest from the web site today;

Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.1.Rel Feb 12 2004 17:54:39

And all I see as options for Client/Group authentication is Radius, NT Domain, SDI, Kerberos and Internal.

I'd love to use my ACS server for Client Authentication via TACACS, is that possible?

Community Member

Re: User Authentication fails in L2TP/IPsec conf with ACS


I am using software version 4.0 on the VPN 3004.

I believe that there is no problem working with TACACS since ACS supports that protocol. I did not try that option.


Yossi Mor
