Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

vpngroups

Posted on 2008-06-19
4
Medium Priority
?
555 Views
Last Modified: 2013-11-16
I have created a vpngroup on my pix and now I am trying to configure it to authenticate to our domain controller. I have tried the command "vpngroup DTVPN authentication-server <IP address>", but it keeps telling me invalid server_tag.....

vpngroup <group_name> password <preshared_key>
        vpngroup <group_name> address-pool <pool_name>
        vpngroup <group_name> dns-server <dns_ip_prim> [<dns_ip_sec>]
        vpngroup <group_name> wins-server <wins_ip_prim> [<wins_ip_sec>]
        vpngroup <group_name> default-domain <domain_name>
        vpngroup <group_name> split-tunnel <access_list>
        vpngroup <group_name> split-dns domain_name1 [domain_name2 ... domain_name8]
        vpngroup <group_name> backup-server {{<ip1> [<ip2> ... <ip10>]} | clear-client-cfg}
        vpngroup <group_name> pfs
        vpngroup <group_name> idle-time <idle_seconds>
        vpngroup <group_name> max-time <max_seconds>
        vpngroup <group_name> secure-unit-authentication
        vpngroup <group_name> authentication-server <server_tag>
        vpngroup <group_name> user-authentication
        vpngroup <group_name> user-idle-timeout <user_idle_seconds>
        vpngroup <group_name> device-pass-through
0
Comment
Question by:dtadmin
  • 2
  • 2
4 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 21827156
hi

In using:
vpngroup DTVPN authentication-server <IP address>

the problem is that the last section (server tag) is not an ip address but an aaa server-tag.  e.g.

e.g.:
aaa-server server_tag [(if_name)] host server_ip [key] [timeout seconds]
aaa-server server_tag max-failed-attempts <number>
aaa-server server_tag protocol auth_protocol

That is what you need to match it up to - so if you have an aaa-server already listed, match the server tag to your vpngroup

hth
0
 

Author Comment

by:dtadmin
ID: 21830202
it is prompting me to designate a aaa-server protocol when I try to execute the aaa-server host ip command. The only protocols it lets me choose from is tacacs+ or radius. I want to configure this so I authenticate to my windows domain controller. I have a pix515 in production that is setup for a protocol of nt that points to our production domain controller, but I don't have that option on the 506. Any ideas.....
0
 
LVL 19

Expert Comment

by:nodisco
ID: 21842209
can you post the output of the 515?  We can work out why it won't happen on your 506

Also - post the output of the following from both PIXs
sh version

cheers
0
 

Accepted Solution

by:
dtadmin earned 0 total points
ID: 21847778
I will get those to you after I get back from the Cisco Live 2008 conference. Thanks!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question