[c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS

Erik Soosalu eriks at nationalfastfreight.com
Tue Oct 20 16:13:43 EDT 2009


With a 5510 we are using 2008 NPS for AD auth.

Do you have something under your Connection Request Policy?  The log
seems to be telling you that there is something missing there.

Thanks,
Erik



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff
Wojciechowski
Sent: Tuesday, October 20, 2009 3:58 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS

Hi All,

Has anyone gotten ASA based VPN (soft clients) to work with Windows 2008
NPS - AD Integrated RADIUS?

As our engineer put it:

"Cisco does not have a document for authentication configuration with
Windows 2008. Since they say the ASA configuration looks fine they have
washed their hands of it and want to close the case."


I can see this in the logs on our AD server:

Contact the Network Policy Server administrator for more information.

User:
    Security ID:                    NULL SID
    Account Name:                   %domain\username%
    Account Domain:                 -
    Fully Qualified Account Name:   -

Client Machine:
    Security ID:                    NULL SID
    Account Name:                   -
    Fully Qualified Account Name:   -
    OS-Version:                     -
    Called Station Identifier:      %some ip address%
    Calling Station Identifier:     %some originating ip address%

NAS:
    NAS IPv4 Address:               %ip of server%
    NAS IPv6 Address:               -
    NAS Identifier:                 -
    NAS Port-Type:                  Virtual
    NAS Port:                       159744

RADIUS Client:
    Client Friendly Name:           whl_vpn_new
    Client IP Address:              %ip address of client%

Authentication Details:
    Proxy Policy Name:              -
    Network Policy Name:            -
    Authentication Provider:        -
    Authentication Server:          %fqdn of server%
    Authentication Type:            -
    EAP Type:                       -
    Account Session Identifier:     -
    Reason Code:                    49
    Reason:                         The connection attempt did not match any connection request policy.

If this has been asked and answered (or if there is a better forum for
this), I apologize. If someone could nudge me in the right direction
that would be very awesome. Technet for the above error is pretty
pointless as usual....

Thanks again,

-Jeff

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
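
Added example, not part of the original thread: a Python sketch that rejoins mail-wrapped NPS event text like the log quoted above into field/value pairs and, for Reason Code 49, reports the attributes the request carried. The sample event is constructed with placeholder values, and the function names are hypothetical.

```python
# Constructed sample modelled on the event quoted in the thread (placeholder
# values), wrapped the way the mail client wrapped the original.
SAMPLE_EVENT = """\
NAS:
    NAS IPv4 Address:      192.0.2.10
    NAS Port-Type:
Virtual
RADIUS Client:
    Client Friendly Name:
whl_vpn_new
Authentication Details:
    Proxy Policy Name:     -
    Network Policy Name:   -
    Reason Code:           49
    Reason:
The connection attempt did not match any connection request policy.
"""

def parse_nps_event(text):
    """Return {section: {field: value}}, rejoining wrapped values."""
    sections, section, field = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0].isspace():              # indented line: "Field: value"
            name, _, value = line.partition(":")
            field = name.strip()
            sections.setdefault(section, {})[field] = value.strip()
        elif line.endswith(":"):          # unindented, ends in ":": section header
            section, field = line[:-1], None
            sections.setdefault(section, {})
        elif field is not None:           # unindented remainder: wrapped value
            joined = sections[section][field] + " " + line
            sections[section][field] = joined.strip()
    return sections

def triage_reason_49(event):
    """For Reason Code 49, report the attributes a connection request policy
    would have had to match; return None for any other reason code."""
    auth = event.get("Authentication Details", {})
    if auth.get("Reason Code") != "49":
        return None
    return {
        "radius_client": event.get("RADIUS Client", {}).get("Client Friendly Name"),
        "nas_port_type": event.get("NAS", {}).get("NAS Port-Type"),
        "connection_request_policy": auth.get("Proxy Policy Name"),
        "network_policy": auth.get("Network Policy Name"),
    }
```

A "-" for both policy names alongside Reason Code 49 shows the request was rejected before any network policy was evaluated, so the reported client name and port type are the values to compare against the connection request policy conditions.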


