Re: Cisco AAA via Win2k3 IAS

OK, I dug a little more into your log. And here is the answer:

You have this attribute logged towards the end of your log: 4142,66 which
means
4142 = Reason-Code
66 = Invalid authentication type

So, check your policies on your Cisco and IAS servers to make sure that
there is some common auth method defined on both of them.

Thanks, Manju

--
+++++++++++++++++++++++++++++++++++++++++++++++
This posting is provided "AS IS" with no warranties, and confers no rights


<anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:090601c53fc7$3fd9fe60$a601280a@xxxxxxxxxx
>I should have included the logs from the IAS server.
>
> This is all I get (multiple times):
>
> 192.168.1.254,USERNAME,04/12/2005,17:13:44,IAS,IASSERVER,3
> 1,203.40.173.129,61,5,4,192.168.1.254,4108,192.168.1.254,4
> 116,9,4128,192.168.1.254,4155,1,25,311 1 192.168.6.2
> 04/12/2005 07:07:31
> 1,4129,PEERLESSJAL\USERNAME,4127,1,4130,peerlessjal.com.au
> /VIC/Scott Cannon,4136,1,4142,0
> 192.168.1.254,USERNAME,04/12/2005,17:13:44,IAS,IASSERVER,2
> 5,311 1 192.168.6.2 04/12/2005 07:07:31
> 1,4130,peerlessjal.com.au/VIC/Scott Cannon,4149,Allow
> access if dial-in permission is
> enabled,4108,192.168.1.254,4116,9,4128,192.168.1.254,4155,
> 1,4154,Use Windows authentication for all
> users,4129,PEERLESSJAL\USERNAME,4127,1,4136,3,4142,66
>
> I've just noticed an IP address in this log that I do not
> know. Can anyone tell me what 203.40.173.129 is referring
> to? By that I mean what the function of the machine in
> this same spot as this IP is.
>
> This has really got me badoozled! Any help is greatly
> appreciated.
>
>>-----Original Message-----
>>Hi.
>>
>>I am having trouble getting my IAS server to
> authenticate
>>users connecting to my Cisco Easy VPN Server.
>>
>>I have set all the required parameters on the CISCO
>>device:
>>
>>aaa authentication login default local
>>aaa authorization exec default local
>>aaa authorization network default local
>>
>>radius-server host 192.168.1.1 auth-port 1645 acct-port
>>1646 key 7 blahblahblah
>>
>>On the IAS server I have set the Cisco device up as a
>>RADIUS client with a pre-shared key and allowed no
>>encryption between the nodes. My access policy is a
>>simple one not that it matters, I don't get to that
> stage.
>>
>>The Cisco device forwards the requests to the IAS server
>>but the IAS server does not respond.
>>
>>If anyone has afew pointers for setting this up I'd
>>really appreciate you sharing them with me.
>>
>>Thanks
>>.
>>


.

Relevant Pages

  • IAS to authenticate CISCO VPN traffic
    ... I just closed a TAC with CISCO about this issue and they are pointing to the ... I have a cisco router configured with a group VPN key, and a IAS server ... CiscoRouter wuth the correct shared secret and I have set the Client Vendor ... Within this profile Under authentication and encryption I have tried ...
    (microsoft.public.internet.radius)
  • Cisco AAA via Win2k3 IAS
    ... Cisco routers were requesting authentication via PAP ... >I am having trouble getting my IAS server to ...
    (microsoft.public.internet.radius)
  • Re: IAS to authenticate CISCO VPN traffic
    ... > I just closed a TAC with CISCO about this issue and they are pointing to ... > IAS server as the problem... ... I created a client within IAS called ... > Within this profile Under authentication and encryption I have tried ...
    (microsoft.public.internet.radius)
  • Cisco AAA via Win2k3 IAS
    ... I should have included the logs from the IAS server. ... 1,4154,Use Windows authentication for all ... >The Cisco device forwards the requests to the IAS server ...
    (microsoft.public.internet.radius)
  • Cisco AAA via Win2k3 IAS
    ... I am having trouble getting my IAS server to authenticate ... I have set all the required parameters on the CISCO ... The Cisco device forwards the requests to the IAS server ...
    (microsoft.public.internet.radius)
Loading