[c-nsp] FW: ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS
Scott Granados
gsgranados at comcast.net
Tue Oct 20 17:29:10 EDT 2009
Oh God, Winders in the authorization chain. Clearly someone doesn't like
sleeping well.;)
The only thing I've seen more frightening than that is an entirely Windows
NT 4.0 based heart care environment where the review stations would crash
when the Fore ATM adapters took more than 50 megabits of traffic. (Sorry
sir, we'd be working on your heart attack and trying to do some imaging here
but we've bluescreened, can you hold?)
----- Original Message -----
From: "Jeff Wojciechowski" <Jeff.Wojciechowski at midlandpaper.com>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, October 20, 2009 2:16 PM
Subject: [c-nsp] FW: ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS
> Its Windows....try restarting NPS Service :)
>
> Thanks to the off-list responses!
>
> -Jeff
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff Wojciechowski
> Sent: Tuesday, October 20, 2009 2:58 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS
>
> Hi All,
>
> Has anyone gotten ASA based VPN (soft clients) to work with Windows 2008
> NPS - AD Integrated RADIUS to work?
>
> As our engineer put it:
>
> "Cisco does not have a document for authentication configuration with
> Windows 2008. Since they say the ASA configuration looks fine they have
> washed their hands of it and want to close the case."
>
>
> I can see this in the logs on our AD server:
>
> Contact the Network Policy Server administrator for more information.
>
> User:
> Security ID:
> NULL SID
> Account Name:
> %domain\username%
> Account Domain: -
> Fully Qualified Account Name: -
>
> Client Machine:
> Security ID:
> NULL SID
> Account Name: -
> Fully Qualified Account Name: -
> OS-Version: -
> Called Station Identifier: %some ip
> address%
> Calling Station Identifier: %some
> originating ip address%
>
> NAS:
> NAS IPv4 Address: %ip of
> server%
> NAS IPv6 Address: -
> NAS Identifier: -
> NAS Port-Type: Virtual
> NAS Port:
> 159744
>
> RADIUS Client:
> Client Friendly Name: whl_vpn_new
> Client IP Address: %ip
> address of client%
>
> Authentication Details:
> Proxy Policy Name: -
> Network Policy Name: -
> Authentication Provider: -
> Authentication Server: %fqdn of
> server%
> Authentication Type: -
> EAP Type: -
> Account Session Identifier: -
> Reason Code: 49
> Reason:
> The connection attempt did not match any connection request policy.
>
> If this has been asked and answered (or if there is a better forum for
> this), I apologize. If someone could nudge me in the right direction that
> would be very awesome. Technet for the above error is pretty pointless as
> usual....
>
> Thanks again,
>
> -Jeff
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list