[c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS

Eric Girard egirard at focustsi.com
Tue Oct 20 16:32:20 EDT 2009


Jeff,
	I've done several VPN setups with 2008 NPS, and from what I remember offhand they were no different than the 'old' IAS.  Some of the items might have moved around a bit in the GUI, but the basic IAS functionality is still there.  From the error message, I would look at the connection policies, because if I am remembering correctly the default is not very useful and needs to be changed.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff Wojciechowski
Sent: Tuesday, October 20, 2009 3:58 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS

Hi All,

Has anyone gotten ASA-based VPN (soft clients) to work with Windows 2008 NPS - AD Integrated RADIUS?

As our engineer put it:

"Cisco does not have a document for authentication configuration with Windows 2008. Since they say the ASA configuration looks fine they have washed their hands of it and want to close the case."


I can see this in the logs on our AD server:

Contact the Network Policy Server administrator for more information.

User:
    Security ID:                    NULL SID
    Account Name:                   %domain\username%
    Account Domain:                 -
    Fully Qualified Account Name:   -

Client Machine:
    Security ID:                    NULL SID
    Account Name:                   -
    Fully Qualified Account Name:   -
    OS-Version:                     -
    Called Station Identifier:      %some ip address%
    Calling Station Identifier:     %some originating ip address%

NAS:
    NAS IPv4 Address:               %ip of server%
    NAS IPv6 Address:               -
    NAS Identifier:                 -
    NAS Port-Type:                  Virtual
    NAS Port:                       159744

RADIUS Client:
    Client Friendly Name:           whl_vpn_new
    Client IP Address:              %ip address of client%

Authentication Details:
    Proxy Policy Name:              -
    Network Policy Name:            -
    Authentication Provider:        -
    Authentication Server:          %fqdn of server%
    Authentication Type:            -
    EAP Type:                       -
    Account Session Identifier:     -
    Reason Code:                    49
    Reason:                         The connection attempt did not match any connection request policy.

If this has been asked and answered (or if there is a better forum for this), I apologize. If someone could nudge me in the right direction that would be very awesome. TechNet for the above error is pretty pointless as usual...

Thanks again,

-Jeff

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
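
Added example, not part of either message in this thread: a small Python parser for the NPS event text quoted above that, for Reason Code 49, separates the request attributes the ASA actually sent from the ones it left empty, so the conditions of a connection request policy can be compared against them. The sample event is constructed from the fields in the post, and the list of fields treated as policy-relevant is an assumption of this example.

```python
import re

# Constructed sample: fields from the event quoted in the post, placeholders kept.
SAMPLE_EVENT = """\
User:
    Account Name:                  %domain\\username%
Client Machine:
    Called Station Identifier:     %some ip address%
NAS:
    NAS Identifier:                -
    NAS Port-Type:                 Virtual
RADIUS Client:
    Client Friendly Name:          whl_vpn_new
Authentication Details:
    Proxy Policy Name:             -
    Reason Code:                   49
"""

# (section, field) pairs that correspond to conditions a connection request
# policy can test; this mapping is the example's assumption, not NPS output.
CRP_FIELDS = [("User", "Account Name"),
              ("Client Machine", "Called Station Identifier"),
              ("NAS", "NAS Identifier"), ("NAS", "NAS Port-Type"),
              ("RADIUS Client", "Client Friendly Name")]

def parse_event(text):
    """Parse 'Section:' / 'Field: value' lines; a value of '-' becomes None."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S[^:]*):\s*$", line)
        field = re.match(r"^\s+(.+?):\s+(\S.*?)\s*$", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif field and current is not None:
            key, value = field.groups()
            current[key] = None if value == "-" else value
    return sections

def triage(sections):
    """For Reason Code 49, split CRP-relevant fields into sent and absent."""
    auth = sections.get("Authentication Details", {})
    if auth.get("Reason Code") != "49":
        return None
    get = lambda s, f: sections.get(s, {}).get(f)
    return {"matched_policy": auth.get("Proxy Policy Name"),
            "sent": {sf: get(*sf) for sf in CRP_FIELDS if get(*sf)},
            "absent": [sf for sf in CRP_FIELDS if not get(*sf)]}

if __name__ == "__main__":
    print(triage(parse_event(SAMPLE_EVENT)))
```

A policy condition that tests a field listed under `absent` cannot match this request, which is one way to end up with Reason Code 49.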

