Solved

vpngroups

Posted on 2008-06-19
Last Modified: 2013-11-16
I have created a vpngroup on my PIX and now I am trying to configure it to authenticate to our domain controller. I have tried the command "vpngroup DTVPN authentication-server <IP address>", but it keeps telling me invalid server_tag.....

vpngroup <group_name> password <preshared_key>
vpngroup <group_name> address-pool <pool_name>
vpngroup <group_name> dns-server <dns_ip_prim> [<dns_ip_sec>]
vpngroup <group_name> wins-server <wins_ip_prim> [<wins_ip_sec>]
vpngroup <group_name> default-domain <domain_name>
vpngroup <group_name> split-tunnel <access_list>
vpngroup <group_name> split-dns domain_name1 [domain_name2 ... domain_name8]
vpngroup <group_name> backup-server {{<ip1> [<ip2> ... <ip10>]} | clear-client-cfg}
vpngroup <group_name> pfs
vpngroup <group_name> idle-time <idle_seconds>
vpngroup <group_name> max-time <max_seconds>
vpngroup <group_name> secure-unit-authentication
vpngroup <group_name> authentication-server <server_tag>
vpngroup <group_name> user-authentication
vpngroup <group_name> user-idle-timeout <user_idle_seconds>
vpngroup <group_name> device-pass-through
0
Question by:dtadmin
LVL 19

Expert Comment

by:nodisco
ID: 21827156
hi

In using:
vpngroup DTVPN authentication-server <IP address>

the problem is that the last section (server tag) is not an IP address but an aaa server-tag, e.g.:
aaa-server server_tag [(if_name)] host server_ip [key] [timeout seconds]
aaa-server server_tag max-failed-attempts <number>
aaa-server server_tag protocol auth_protocol

That is what you need to match it up to - so if you have an aaa-server already listed, match the server tag to your vpngroup

hth
0
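The mismatch described in the answer above can be caught in a draft configuration before it is pasted into the PIX. The Python check below is an added example, not part of the original thread or any Cisco tooling; the function name, the sample config, and its tag names, addresses and key are constructed, and tags are assumed to match exactly.

```python
import ipaddress
import re

# Constructed sample draft config (not from the thread); tags, addresses
# and the key are placeholders. Line forms follow the syntax quoted above.
SAMPLE_CONFIG = """\
aaa-server AUTHSRV protocol radius
aaa-server AUTHSRV (inside) host 192.0.2.10 EXAMPLEKEY timeout 10
vpngroup DTVPN address-pool VPNPOOL
vpngroup DTVPN authentication-server 192.0.2.10
vpngroup STAFF authentication-server AUTHSRV
vpngroup LAB authentication-server LABSRV
"""

# Any "aaa-server <tag> ..." line is treated as defining <tag>.
AAA_RE = re.compile(r"^aaa-server\s+(\S+)\s")
VPN_RE = re.compile(r"^vpngroup\s+(\S+)\s+authentication-server\s+(\S+)")


def looks_like_ip(value):
    """True if value parses as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_vpngroup_server_tags(config_text):
    """Return (group, value, reason) for every vpngroup whose
    authentication-server argument is not a defined aaa-server tag."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    defined = {m.group(1) for ln in lines if (m := AAA_RE.match(ln))}
    findings = []
    for ln in lines:
        m = VPN_RE.match(ln)
        if not m or m.group(2) in defined:
            continue
        group, value = m.groups()
        if looks_like_ip(value):
            reason = "IP address used where a server_tag is expected"
        else:
            reason = "no aaa-server line defines this tag"
        findings.append((group, value, reason))
    return findings


if __name__ == "__main__":
    for group, value, reason in check_vpngroup_server_tags(SAMPLE_CONFIG):
        print(f"vpngroup {group}: authentication-server {value}: {reason}")
```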
 

Author Comment

by:dtadmin
ID: 21830202
It is prompting me to designate an aaa-server protocol when I try to execute the aaa-server host ip command. The only protocols it lets me choose from are tacacs+ or radius. I want to configure this so I authenticate to my Windows domain controller. I have a PIX515 in production that is set up for a protocol of nt that points to our production domain controller, but I don't have that option on the 506. Any ideas.....
0
 
LVL 19

Expert Comment

by:nodisco
ID: 21842209
Can you post the output of the 515?  We can work out why it won't happen on your 506

Also - post the output of the following from both PIXs
sh version

cheers
0
 

Accepted Solution

by:
dtadmin earned 0 total points
ID: 21847778
I will get those to you after I get back from the Cisco Live 2008 conference. Thanks!
0

Question has a verified solution.
