2811, Pix 515e, & 3005

Discussion in 'Cisco' started by pix help, Mar 4, 2007.

  1. pix help

    pix help Guest

    Help!

    Need some advice here. Have VPN up and running with authentication for
    group & users internal to VPN. I can establish sessions for multiple
    clients. The vpn inside sits behind Pix. Outside is between 2811 &
    515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.

    I want the concentrator to authenticate group against internal db on
    3005 and then pass user authentication to IAS. The IAS box is
    configured correctly as I can authenticate against it from other
    hardware. I have reviewed the docs on the cisco site and have the
    RADIUS with expiry configured correctly based on this information.

    Is there anything special since a Pix is part of the equation? Has
    anyone been able to get a config such as this to work?

    Thanks in advance.
    pix help, Mar 4, 2007
    #1

  2. http://www.cisco.com/en/US/products...s_configuration_example09186a0080094700.shtml

    HTH
    Martin

    "pix help" <> wrote in message
    news:...
    > Help!
    >
    > Need some advice here. Have VPN up and running with authentication for
    > group & users internal to VPN. I can establish sessions for multiple
    > clients. The vpn inside sits behind Pix. Outside is between 2811 &
    > 515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.
    >
    > I want the concentrator to authenticate group against internal db on
    > 3005 and then pass user authentication to IAS. The IAS box is
    > configured correctly as I can authenticate against it from other
    > hardware. I have reviewed the docs on the cisco site and have the
    > RADIUS with expiry configured correctly based on this information.
    >
    > Is there anything special since a Pix is part of the equation? Has
    > anyone been able to get a config such as this to work?
    >
    > Thanks in advance.
    >
    Martin Bilgrav, Mar 5, 2007
    #2

  3. pix help

    pix help Guest

    Hello,

    Getting the following error when trying to authenticate VPN 3005 to
    IAS box. Any suggestions?

    Thanks in advance.


    User \domainuser was denied access.
    Fully-Qualified-User-Name = \XXXX
    NAS-IP-Address = 192.168.150.25
    NAS-Identifier = <not present>
    Called-Station-Identifier = 10.10.10.50
    Calling-Station-Identifier = XX.XXX.XXX.XXX
    Client-Friendly-Name = vpn.XXXXXXXX.com
    Client-IP-Address = 192.168.150.25
    NAS-Port-Type = Virtual
    NAS-Port = 1082
    Proxy-Policy-Name = test
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = <undetermined>
    Authentication-Type = MS-CHAPv2
    EAP-Type = <undetermined>
    Reason-Code = 16
    Reason = Authentication was not successful because an unknown user
    name or incorrect password was used.



    pix help, Mar 5, 2007
    #3
  4. "unknown user name or incorrect password was used."

    Wonder what that means ...

    Double check your user credentials, along with domain and/or domain
    separator.





    "pix help" <> wrote in message
    news:...
    >
    > Hello,
    >
    > Getting the following error when trying to authenticate VPN 3005 to
    > IAS box. Any suggestions?
    >
    > Thanks in advance.
    >
    >
    > User \domainuser was denied access.
    > Fully-Qualified-User-Name = \XXXX
    > NAS-IP-Address = 192.168.150.25
    > NAS-Identifier = <not present>
    > Called-Station-Identifier = 10.10.10.50
    > Calling-Station-Identifier = XX.XXX.XXX.XXX
    > Client-Friendly-Name = vpn.XXXXXXXX.com
    > Client-IP-Address = 192.168.150.25
    > NAS-Port-Type = Virtual
    > NAS-Port = 1082
    > Proxy-Policy-Name = test
    > Authentication-Provider = Windows
    > Authentication-Server = <undetermined>
    > Policy-Name = <undetermined>
    > Authentication-Type = MS-CHAPv2
    > EAP-Type = <undetermined>
    > Reason-Code = 16
    > Reason = Authentication was not successful because an unknown user
    > name or incorrect password was used.
    >
    >
    >
    Martin Bilgrav, Mar 6, 2007
    #4
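
The check suggested in the last reply, as an added example that is not part of the original thread: it parses the IAS "denied access" event text from post #3 and flags a Reason-Code of 16 and a user name with a missing or empty domain part. The function names are hypothetical, and the sample is a subset of the posted event; whether the leading backslash in the posted name is real or a result of the poster's redaction cannot be told from the thread.

```python
import re

# Sample input: a subset of the event text posted in the thread
# (values were already redacted by the poster).
SAMPLE_EVENT = r"""
User \domainuser was denied access.
Fully-Qualified-User-Name = \XXXX
NAS-IP-Address = 192.168.150.25
Client-Friendly-Name = vpn.XXXXXXXX.com
Authentication-Type = MS-CHAPv2
Reason-Code = 16
Reason = Authentication was not successful because an unknown user
name or incorrect password was used.
"""

HEADER = re.compile(r"^User (\S+) was denied access\.$")
FIELD = re.compile(r"^([A-Za-z-]+) = (.*)$")

def parse_ias_event(text):
    """Return (user, fields); wrapped lines are joined onto the previous field."""
    user, fields, last = None, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if (m := HEADER.match(line)):
            user = m.group(1)
        elif (m := FIELD.match(line)):
            last = m.group(1)
            fields[last] = m.group(2)
        elif last:
            fields[last] += " " + line  # continuation of a wrapped value
    return user, fields

def triage(user, fields):
    """Flag the items the reply in the thread says to double check."""
    findings = []
    if fields.get("Reason-Code") == "16":
        findings.append("reason-16: user name or password rejected")
    if user and "\\" in user:
        domain, _name = user.split("\\", 1)
        if not domain:
            findings.append(f"empty domain before separator in {user!r}")
    elif user and "@" not in user:
        findings.append(f"no domain given in {user!r}")
    return findings

if __name__ == "__main__":
    for finding in triage(*parse_ias_event(SAMPLE_EVENT)):
        print(finding)
```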