Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > 2811, Pix 515e, & 3005

Reply
Thread Tools

2811, Pix 515e, & 3005

 
 
pix help
Guest
Posts: n/a
 
      03-04-2007
Help!

Need some advice here. Have VPN up and running with authentication for
group & users internal to VPN. I can establish sessions for multiple
clients. The vpn inside sits behind Pix. Outside is between 2811 &
515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.

I want the concentrator to authenticate group against internal db on
3005 and then pass user authentication to IAS. The IAS box is
configured correctly as I can authenticate against it from other
hardware. I have reviewed the docs on the cisco site and have the
Raduiys with expiry configured correctly based on this information.

Is there anything special since a Pix is part of the equation? Has
anyone been able to get a configu such as this to work?

Thanks in advance.

 
Reply With Quote
 
 
 
 
Martin Bilgrav
Guest
Posts: n/a
 
      03-05-2007
http://www.cisco.com/en/US/products/...80094700.shtml

HTH
MArtin

"pix help" <(E-Mail Removed)> skrev i en meddelelse
news:(E-Mail Removed) oups.com...
> Help!
>
> Need some advice here. Have VPN up and running with authentication for
> group & users internal to VPN. I can establish sessions for multiple
> clients. The vpn inside sits behind Pix. Outside is between 2811 &
> 515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.
>
> I want the concentrator to authenticate group against internal db on
> 3005 and then pass user authentication to IAS. The IAS box is
> configured correctly as I can authenticate against it from other
> hardware. I have reviewed the docs on the cisco site and have the
> Raduiys with expiry configured correctly based on this information.
>
> Is there anything special since a Pix is part of the equation? Has
> anyone been able to get a configu such as this to work?
>
> Thanks in advance.
>



 
Reply With Quote
 
 
 
 
pix help
Guest
Posts: n/a
 
      03-05-2007

Hello,

Getting the following error when trying to authenticate VPN 3005 to
IAS box. Any suggestions?

Thanks in advance.


User \domainuser was denied access.
Fully-Qualified-User-Name = \XXXX
NAS-IP-Address = 192.168.150.25
NAS-Identifier = <not present>
Called-Station-Identifier = 10.10.10.50
Calling-Station-Identifier = XX.XXX.XXX.XXX
Client-Friendly-Name = vpn.XXXXXXXX.com
Client-IP-Address = 192.168.150.25
NAS-Port-Type = Virtual
NAS-Port = 1082
Proxy-Policy-Name = test
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user
name or incorrect password was used.



On Mar 5, 8:41 am, "Martin Bilgrav" <(E-Mail Removed)> wrote:
> http://www.cisco.com/en/US/products/...roducts_config...
>
> HTH
> MArtin
>
> "pix help" <(E-Mail Removed)> skrev i en meddelelsenews:1172977360.029881.209770@s48g2000cw s.googlegroups.com...
>
>
>
> > Help!

>
> > Need some advice here. Have VPN up and running with authentication for
> > group & users internal to VPN. I can establish sessions for multiple
> > clients. The vpn inside sits behind Pix. Outside is between 2811 &
> > 515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.

>
> > I want the concentrator to authenticate group against internal db on
> > 3005 and then pass user authentication to IAS. The IAS box is
> > configured correctly as I can authenticate against it from other
> > hardware. I have reviewed the docs on the cisco site and have the
> > Raduiys with expiry configured correctly based on this information.

>
> > Is there anything special since a Pix is part of the equation? Has
> > anyone been able to get a configu such as this to work?

>
> > Thanks in advance.- Hide quoted text -

>
> - Show quoted text -



 
Reply With Quote
 
Martin Bilgrav
Guest
Posts: n/a
 
      03-06-2007
"unknown user name or incorrect password was used."

Wonder what that means ...

double check your user credentials, along with domain and/or domain
seperator.





"pix help" <(E-Mail Removed)> skrev i en meddelelse
news:(E-Mail Removed) oups.com...
>
> Hello,
>
> Getting the following error when trying to authenticate VPN 3005 to
> IAS box. Any suggestions?
>
> Thanks in advance.
>
>
> User \domainuser was denied access.
> Fully-Qualified-User-Name = \XXXX
> NAS-IP-Address = 192.168.150.25
> NAS-Identifier = <not present>
> Called-Station-Identifier = 10.10.10.50
> Calling-Station-Identifier = XX.XXX.XXX.XXX
> Client-Friendly-Name = vpn.XXXXXXXX.com
> Client-IP-Address = 192.168.150.25
> NAS-Port-Type = Virtual
> NAS-Port = 1082
> Proxy-Policy-Name = test
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = <undetermined>
> Authentication-Type = MS-CHAPv2
> EAP-Type = <undetermined>
> Reason-Code = 16
> Reason = Authentication was not successful because an unknown user
> name or incorrect password was used.
>
>
>
> On Mar 5, 8:41 am, "Martin Bilgrav" <(E-Mail Removed)> wrote:
> > http://www.cisco.com/en/US/products/...roducts_config...
> >
> > HTH
> > MArtin
> >
> > "pix help" <(E-Mail Removed)> skrev i en

meddelelsenews:1172977360.029881.209770@s48g2000cw s.googlegroups.com...
> >
> >
> >
> > > Help!

> >
> > > Need some advice here. Have VPN up and running with authentication for
> > > group & users internal to VPN. I can establish sessions for multiple
> > > clients. The vpn inside sits behind Pix. Outside is between 2811 &
> > > 515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.

> >
> > > I want the concentrator to authenticate group against internal db on
> > > 3005 and then pass user authentication to IAS. The IAS box is
> > > configured correctly as I can authenticate against it from other
> > > hardware. I have reviewed the docs on the cisco site and have the
> > > Raduiys with expiry configured correctly based on this information.

> >
> > > Is there anything special since a Pix is part of the equation? Has
> > > anyone been able to get a configu such as this to work?

> >
> > > Thanks in advance.- Hide quoted text -

> >
> > - Show quoted text -

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can a 3005 behind a PIX do a L2L VPN? ng01@gvn.com Cisco 1 03-31-2005 01:36 AM
VPN Connection Problems between Cisco PIX 506E and Cisco VPN Concentrator 3005 Kai Cisco 0 02-15-2005 02:03 PM
Cisco PIX 501 using pptp to connect to cisco vpn 3005 concentrator Kai Cisco 1 05-14-2004 02:44 PM
[pix] desperatly need help with PIX-to-PIX config Remco Bressers Cisco 1 11-21-2003 08:58 PM
PIX to PIX to PIX meshed VPN Richard Cisco 1 11-15-2003 07:41 AM



Advertisments