scotto2003
Cisco 3005 help: Group will not authenticate
Wondering if I need to place routes for the traffic to get to the Kerberos server. I can successfully test authentication from the Configuration/System/Authentication screen, but if I browse downward to Groups, and my group and password, and try to connect from outside, I get a "no active server found" error. I can also configure the authentication server from the group screens and I can't authenticate...? My network hookup is as below... do I need to add routes for the concentrator to communicate? Do I need to add my firewall as the tunnel gateway?
trusted network----firewall------- switch---- router---- ISP
| |
---------concentrator----- ---
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
That was it! But I'm confused.... I added an internal server and tried to log on.. lo and behold, I received a login prompt and logged in with my domain credentials.... I was under the assumption an internal authentication server was a separate database the VPN concentrator held, and I would have to create usernames and passwords for each user... so I assumed Kerberos was an external server since the database was held outside of the concentrator...??
I was tricked by that "external"/"internal" too when I implemented ours. We use an NT domain controller to authenticate users, and that again has to be "internal". Based on Cisco tech support, "external" is only for RADIUS. Tricky!
There is an internal database for all the groups, users, etc., but when talking about authentication servers, only RADIUS should be "external".
ASKER
Thanks!
ASKER
I can fill out the Kerberos server and Test and successfully authenticate...
BUT... from the group screen.... Configuration | User Management | Groups
I can fill out the same info and it says server timeout....??