VPN3005 and AD

I have configured my Cisco VPN 3005 to authenticate users to AD when they connect. This works fine for WebVPN, but I cannot get VPN client users to authenticate. Cisco VPN clients and Windows VPN clients fail.

When I use an internally configured username, the Cisco VPN client connects OK, but not the Windows client.

Am I missing something?

Thanks for any help!!


Reply to
Loading thread data ...

Hi Russ,

You may wish to investigate these steps:

Step 1. Check to see that the VPN Client user is supplying the correct username and password.

Step 2. Verify that the username and password are present in the database.

If you are using the VPN 3005 Concentrator as the remote server, you can verify the username and password.

Select Configuration > System > Servers > Authentication, then select Authentication Server, and click Test.

When prompted, enter the username and password.

If authentication is rejected, the username and password are not matching.

If you receive an authentication error ("No response from server"), continue to step 3.

Step 3. Verify that you have configured communication parameters for the authentication server properly.

Also, ping the authentication server to verify connectivity.

Hope this helps.

Brad Reese BradReese.Com - Cisco Repair

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Power Supply Headquarters
formatting link

Reply to

How are you authenticating against AD??? RADIUS via MS IAS?? CSACS??

check the security log on your domain controller for IAS events if yo'ure using IAS. make sure the RADIUS/TAC+ password is right on both devices. (it probably is if webvpn users are ok).... look in the filterable event log for errors also...

Reply to
john smith

Thanks for the replies.

Authentication from the VPM3005 works fine. I can test the credentials successfully from the System>Servers>Authentication>Test option.

Also, when using WebVPN the user can use their domain credentials without any issues.

Domain authentication is direct using Kerberos server configures in the System>Servers>Authentication menu.


Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.