Cisco VPN error

From: "Morten" <msp@xxxxxxxxxx>
Date: Wed, 22 Nov 2006 10:48:40 +0100

Hi!

We're trying to configure IAS to authenticate against our AD to provide an authenticated VPN connection. The VPN tunnel is established through 2 Cisco PIXes. The log on the IAS server shows:

User user@xxxxxxxxxxxx was granted access.
Fully-Qualified-User-Name = mydomain/myuser
NAS-IP-Address = 192.168.70.1
NAS-Identifier = <not present>
Client-Friendly-Name = PIX
Client-IP-Address = 192.168.70.1
Calling-Station-Identifier = xx.xx.xx.xx
NAS-Port-Type = <not present>
NAS-Port = 103
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to Microsoft Routing and Remote Access server
Authentication-Type = PAP
EAP-Type = <undetermined>

Which I assume is OK? (Although the "<undetermined>" in "Authentication-Server" is a bit puzzling)

However an error is recorded in the client log:

2410: Received xauth challenge: Password: , session id: 817913286
return status is IKMP_ERR_NO_RETRANS2411: Received response: , session id 817913286
2412: Making authentication request for host 192.168.70.50, user myuser@xxxxxxxxxxxx, session id: 817913286
2409: Processing challenge for user myuser@xxxxxxxxxxxx, session id: 817913286, challenge: Password:
2404: uap allocated. remote address: xx.xx.xx.xx, Session_id: 817913286
2414: Received response: , session id 817913286
2415: Making authentication request for host 192.168.70.50, user myuser@xxxxxxxxxxxx, session id: 817913286
2413: Processing a rejection for user <myuser@xxxxxxxxxxxx>, session id: 817913286
2416: ...retry. session id: 817913286
2418: Received response: , session id 817913286
2419: Making authentication request for host 192.168.70.50, user myuser@xxxxxxxxxxxx, session id: 817913286
2417: Processing a rejection for user <myuser@xxxxxxxxxxxx>, session id: 817913286
2420: ...retry. session id: 817913286

Can anyone help me figure out what the problem could be?

Thanks in advance

Morten

.

Prev by Date: COM interop from IAS Extension DLL
Next by Date: Wired 802.1x with IAS & HP 2650 switches = error 16
Previous by thread: COM interop from IAS Extension DLL
Next by thread: Wired 802.1x with IAS & HP 2650 switches = error 16
Index(es):
- Date
- Thread

Relevant Pages

Re: HELP Connection error on Release mode
... "Off" Always display detailed ASP.NET error information. ... This section sets the authentication policies of the application. ... Set trace enabled="true" to enable application trace logging. ... <!-- SESSION STATE SETTINGS ...
(microsoft.public.dotnet.languages.csharp)
Re: Session Fixation Vulnerability in Web-based Applications
... session, without modifying the way servers generate session ID's is as ... Think of the http server generated sessions as "UI Sessions" and as ... no impact on authentication. ... "authentication key" for this domain (usually in the form of a new ...
(NT-Bugtraq)
Re: [PHP] Re: a question on session ID and security
... constructed to produce the actual authentication token. ... looking at the cookies on the client gets no indication that you're ... testing for remote session hijacking weaknesses. ... blinded by a bright shiny new algorithm. ...
(php.general)
Re: Forms authentication vs session variable
... There is a known security vulnerability called "Session Hijacking", ... and there are standard ways of protection. ... With forms authentication being the standard approach, ...
(microsoft.public.dotnet.framework.aspnet)
Re: Forms authentication vs session variable
... There is a known security vulnerability called "Session Hijacking", ... and there are standard ways of protection. ... With forms authentication being the standard approach, ...
(microsoft.public.dotnet.framework.aspnet)