2003 Enterprise and Cisco 2610 router and Cisco VPN 3000

2003 Enterprise and Cisco 2610 router and Cisco VPN 3000

Post by bussey3 » Fri, 23 Jan 2004 04:59:35


I am attmpting to use Microsoft's IAS service to
authenticate users when they attempt to access the
network via dialin or VPN access. I have setup RRAS and
tested the IAS solution and everything seems fine but
when I attempt to use the Cisco 2610 router to dialin or
telnet into the router I get the following event log:

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 1/21/2004
Time: 10:48:00 AM
User: N/A
Computer: ITA99003
Description:
User test1 was denied access.
Fully-Qualified-User-Name = domain\user
NAS-IP-Address = 172.27.6.1
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 172.20.27.135
Client-Friendly-Name = Cisco Router
Client-IP-Address = 172.20.0.6
NAS-Port-Type = Virtual
NAS-Port = 130
Proxy-Policy-Name = Use Windows authentication for all
users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an
unknown user name or incorrect password was used.

I can use the same username and password when using RRAS
and everything works great. Why is the Cisco box not
working? What am I missing?


Thanks in advance for your help.
 
 
 

2003 Enterprise and Cisco 2610 router and Cisco VPN 3000

Post by Xuemei Ba » Fri, 23 Jan 2004 08:10:24

Questions:
1. does the user name look right?
2. have you configured the shared secret on VPN? That shared secret is
usually used for encrypt password.

You can do a netmon capture for the two cases, then compare them side by
side.


--
This post is provided AS IS with no warranties, and confer no rights