Solved

Cisco 3005 help: Group will not authenticate

Posted on 2005-04-15
Last Modified: 2013-11-16
Wondering if I need to place routes for the traffic to get to the Kerberos server. I can successfully test authentication from the Configuration/System/Authentication screen, but if I browse downward to Groups, and my group and password, and try to connect from outside, I get a "no active server found" error. I can also configure the authentication server from the group screens and I can't authenticate...? My network hookup is as below... Do I need to add routes for the concentrator to communicate? Do I need to add my firewall as the tunnel gateway?

trusted network----firewall-------switch----router----ISP
           |                                      |
            ---------concentrator--------
Question by:scotto2003

Author Comment

by:scotto2003
ID: 13793327
Another way of saying it... From this screen - Configuration | System | Servers | Authentication -
I can fill out the Kerberos server and Test and successfully authenticate...

BUT... from the group screen... Configuration | User Management | Groups
I can fill out the same info and it says server timeout...??
LVL 6

Accepted Solution

by:
magicomminc earned 1000 total points
ID: 13793471
I believe that the concentrator already has a correct route to your authentication server, since you can successfully test authentication from the Configuration/System/Authentication screen. (Is that Kerberos server in your trusted network, and does the concentrator have a direct connection to it?)
Can you verify that under User Management, Groups, the group you are trying to use is "Internally Configured"? Since the authentication server type is Kerberos, it has to be "internal".

Author Comment

by:scotto2003
ID: 13793664
That was it! But I'm confused... I added an internal server and tried to log on... lo and behold, I received a login prompt and logged in with my domain credentials... I was under the assumption an internal authentication server was a separate database the VPN concentrator held, and I would have to create usernames and passwords for each user... so I assumed Kerberos was an external server since the database was held outside of the concentrator...?
LVL 6

Expert Comment

by:magicomminc
ID: 13793880
I was tricked by that "external"/"internal" too when I implemented ours. We use an NT domain controller to authenticate users, and that again has to be "internal". Based on Cisco tech support, "external" is only for RADIUS. Tricky!
LVL 6

Expert Comment

by:magicomminc
ID: 13793900
There is an internal database for all the groups, users, etc., but when talking about authentication servers, only RADIUS should be "external".

Author Comment

by:scotto2003
ID: 13793904
Thanks!  