Solved

vpngroups

Posted on 2008-06-19
Last Modified: 2013-11-16
I have created a vpngroup on my PIX and now I am trying to configure it to authenticate to our domain controller. I have tried the command "vpngroup DTVPN authentication-server <IP address>", but it keeps telling me invalid server_tag.

        vpngroup <group_name> password <preshared_key>
        vpngroup <group_name> address-pool <pool_name>
        vpngroup <group_name> dns-server <dns_ip_prim> [<dns_ip_sec>]
        vpngroup <group_name> wins-server <wins_ip_prim> [<wins_ip_sec>]
        vpngroup <group_name> default-domain <domain_name>
        vpngroup <group_name> split-tunnel <access_list>
        vpngroup <group_name> split-dns domain_name1 [domain_name2 ... domain_name8]
        vpngroup <group_name> backup-server {{<ip1> [<ip2> ... <ip10>]} | clear-client-cfg}
        vpngroup <group_name> pfs
        vpngroup <group_name> idle-time <idle_seconds>
        vpngroup <group_name> max-time <max_seconds>
        vpngroup <group_name> secure-unit-authentication
        vpngroup <group_name> authentication-server <server_tag>
        vpngroup <group_name> user-authentication
        vpngroup <group_name> user-idle-timeout <user_idle_seconds>
        vpngroup <group_name> device-pass-through
0
Question by:dtadmin
4 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 21827156
hi

In using:
vpngroup DTVPN authentication-server <IP address>

The problem is that the last section (server tag) is not an IP address but an aaa server-tag, e.g.:
aaa-server server_tag [(if_name)] host server_ip [key] [timeout seconds]
aaa-server server_tag max-failed-attempts <number>
aaa-server server_tag protocol auth_protocol

That is what you need to match it up to - so if you have an aaa-server already listed, match the server tag to your vpngroup

hth
0
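
Added example (not part of the original thread): a small Python check that applies the point in the answer above to a saved PIX configuration, flagging any vpngroup authentication-server value that is an IP address or a tag with no matching aaa-server definition. The sample configuration, tag names, key and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): one vpngroup points at an
# IP address, one at an undefined tag, one at a tag that aaa-server defines.
SAMPLE_CONFIG = """\
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (inside) host 192.0.2.10 ExampleKey timeout 10
vpngroup DTVPN authentication-server 192.0.2.10
vpngroup SALES authentication-server AuthOutbound
vpngroup ENG authentication-server AuthInbound
vpngroup ENG idle-time 1800
"""

AAA_RE = re.compile(r"^aaa-server\s+(\S+)\s+(\S.*)$")
VPN_RE = re.compile(r"^vpngroup\s+(\S+)\s+authentication-server\s+(\S+)\s*$")

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def check_vpngroup_auth(config):
    """Return (group, value, problem) for each bad authentication-server reference."""
    lines = [ln.strip() for ln in config.splitlines()]
    protocols, hosts = {}, set()
    for ln in lines:                      # pass 1: collect aaa-server tags
        m = AAA_RE.match(ln)
        if not m:
            continue
        tag, rest = m.group(1), m.group(2).split()
        if rest[0] == "protocol" and len(rest) > 1:
            protocols[tag] = rest[1]
        elif "host" in rest[:2]:          # "host ip" or "(if_name) host ip"
            hosts.add(tag)
    findings = []
    for ln in lines:                      # pass 2: check each vpngroup reference
        m = VPN_RE.match(ln)
        if not m:
            continue
        group, value = m.groups()
        if _is_ip(value):
            findings.append((group, value, "IP address used where a server_tag is expected"))
        elif value not in protocols:
            findings.append((group, value, "no 'aaa-server <tag> protocol' line defines this tag"))
        elif value not in hosts:
            findings.append((group, value, "tag has a protocol but no host entry"))
    return findings
```

Calling check_vpngroup_auth(SAMPLE_CONFIG) reports the DTVPN and SALES groups and passes ENG.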
 

Author Comment

by:dtadmin
ID: 21830202
It is prompting me to designate an aaa-server protocol when I try to execute the aaa-server host ip command. The only protocols it lets me choose from are tacacs+ or radius. I want to configure this so I authenticate to my Windows domain controller. I have a PIX 515 in production that is set up for a protocol of nt that points to our production domain controller, but I don't have that option on the 506. Any ideas?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 21842209
can you post the output of the 515?  We can work out why it won't happen on your 506

Also - post the output of the following from both PIXs
sh version

cheers
0
 

Accepted Solution

by:dtadmin
ID: 21847778
I will get those to you after I get back from the Cisco Live 2008 conference. Thanks!
0
