Cisco Support Community

New Member

VPN3000 to ACSv5, won't give up IAS

Hello

I am setting up a pair of ACS v5 appliances to talk to Active Directory for a Cisco VPN Concentrator 3060. I have set up the ACS servers and put them in the VPN under CONFIGURATION - SYSTEM - SERVERS - AUTHENTICATION, and when I use the “test” button to test them they work great.

The problem is that prior to using the ACS appliances we were using a Microsoft IAS server to do the RADIUS; it worked, but we are retiring it. Under the AUTHENTICATION settings we moved the IAS server to the bottom of the list…

Internal

ACS Server 1

ACS Server 2

MS-IAS

But for some reason any Active Directory user that logs in still gets authenticated to the IAS server. Remember that when we use the “test” button on either of the ACS servers they return “Authentication Successful”. We tried deleting the IAS server and after that nobody can log in; when we put it back they can log in again.

It's like ACS only works in the test function. Please help.

e-

1 REPLY
Silver

Re: VPN3000 to ACSv5, won't give up IAS

Assuming you are testing and logging into VPN with the same userid, I think the difference between the test function and logging into VPN is that VPN uses group settings for the userid. You might check to see if the authentication setting for the group (or base group) is RADIUS. Authentication is on the IPSEC tab for the group.

HTH
