[c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS
Jeff Wojciechowski
Jeff.Wojciechowski at midlandpaper.com
Tue Oct 20 15:57:46 EDT 2009
Hi All,
Has anyone gotten ASA based VPN (soft clients) to work with Windows 2008 NPS - AD Integrated RADIUS to work?
As our engineer put it:
"Cisco does not have a document for authentication configuration with Windows 2008. Since they say the ASA configuration looks fine they have washed their hands of it and want to close the case."
I can see this in the logs on our AD server:
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: %domain\username%
Account Domain: -
Fully Qualified Account Name: -
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: %some ip address%
Calling Station Identifier: %some originating ip address%
NAS:
NAS IPv4 Address: %ip of server%
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Virtual
NAS Port: 159744
RADIUS Client:
Client Friendly Name: whl_vpn_new
Client IP Address: %ip address of client%
Authentication Details:
Proxy Policy Name: -
Network Policy Name: -
Authentication Provider: -
Authentication Server: %fqdn of server%
Authentication Type: -
EAP Type: -
Account Session Identifier: -
Reason Code: 49
Reason: The connection attempt did not match any connection request policy.
If this has been asked and answered (or if there is a better forum for this), I apologize. If someone could nudge me in the right direction that would be very awesome. Technet for the above error is pretty pointless as usual....
Thanks again,
-Jeff
More information about the cisco-nsp
mailing list