?
Solved

vpngroups

Posted on 2008-06-19
4
Medium Priority
?
549 Views
Last Modified: 2013-11-16
I have created a vpngroup on my pix and now I am trying to configure it to authenticate to our domain controller. I have tried the command "vpngroup DTVPN authentication-server <IP address>", but it keeps telling me invalid server_tag.....

vpngroup <group_name> password <preshared_key>
        vpngroup <group_name> address-pool <pool_name>
        vpngroup <group_name> dns-server <dns_ip_prim> [<dns_ip_sec>]
        vpngroup <group_name> wins-server <wins_ip_prim> [<wins_ip_sec>]
        vpngroup <group_name> default-domain <domain_name>
        vpngroup <group_name> split-tunnel <access_list>
        vpngroup <group_name> split-dns domain_name1 [domain_name2 ... domain_name8]
        vpngroup <group_name> backup-server {{<ip1> [<ip2> ... <ip10>]} | clear-client-cfg}
        vpngroup <group_name> pfs
        vpngroup <group_name> idle-time <idle_seconds>
        vpngroup <group_name> max-time <max_seconds>
        vpngroup <group_name> secure-unit-authentication
        vpngroup <group_name> authentication-server <server_tag>
        vpngroup <group_name> user-authentication
        vpngroup <group_name> user-idle-timeout <user_idle_seconds>
        vpngroup <group_name> device-pass-through
0
Comment
Question by:dtadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 21827156
hi

In using:
vpngroup DTVPN authentication-server <IP address>

the problem is that the last section (server tag) is not an ip address but an aaa server-tag.  e.g.

e.g.:
aaa-server server_tag [(if_name)] host server_ip [key] [timeout seconds]
aaa-server server_tag max-failed-attempts <number>
aaa-server server_tag protocol auth_protocol

That is what you need to match it up to - so if you have an aaa-server already listed, match the server tag to your vpngroup

hth
0
 

Author Comment

by:dtadmin
ID: 21830202
it is prompting me to designate a aaa-server protocol when I try to execute the aaa-server host ip command. The only protocols it lets me choose from is tacacs+ or radius. I want to configure this so I authenticate to my windows domain controller. I have a pix515 in production that is setup for a protocol of nt that points to our production domain controller, but I don't have that option on the 506. Any ideas.....
0
 
LVL 19

Expert Comment

by:nodisco
ID: 21842209
can you post the output of the 515?  We can work out why it won't happen on your 506

Also - post the output of the following from both PIXs
sh version

cheers
0
 

Accepted Solution

by:
dtadmin earned 0 total points
ID: 21847778
I will get those to you after I get back from the Cisco Live 2008 conference. Thanks!
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question