I am setting up a pair of ACS v5 appliances to talk to Active Directory for a Cisco VPN Concentrator 3060. I have set up the ACS servers and put them in the VPN under CONFIGURATION - SYSTEM - SERVERS - AUTHENTICATION, and when I use the "test" button to test them they work great.
The problem is that prior to using the ACS appliances we were using a Microsoft IAS server to do the RADIUS; it worked, but we are retiring it. Under the AUTHENTICATION settings we moved the IAS server to the bottom of the list…
ACS Server 1
ACS Server 2
But for some reason any Active Directory user that logs in still gets authenticated to the IAS server. Remember that when we use the "test" button on either of the ACS servers they return "Authentication Successful". We tried deleting the IAS server and after that nobody can log in; when we put it back they can log in again.
It's like ACS only works in the test function. Please help.
Assuming you are testing and logging into VPN with the same userid, I think the difference between the test function and logging into VPN is that VPN uses group settings for the userid. You might check to see if the authentication setting for the group (or base group) is RADIUS. Authentication is on the IPSEC tab for the group.