I have a Cisco 5500 ASA using the Cisco VPN client (version 4.8?) and a Windows Server 2008 doing RADIUS Authentication. I still have a Windows Server 2003 DC connected that is also still doing RADIUS. What I did is basically copy the RADIUS settings from the 2003 DC to the 2008 DC by having the screens side by side to make sure all the settings are the same. I have checked through them over and over and everything is the same, except the 2003 server works and the 2008 server does not. They both have the exact same setting (with the IP address different, obviously) in the AAA Server Groups setting on the 5500 ASA.
The problem I am having is that when I disable the RADIUS service on the 2003 Domain Controller (the working one), I can no longer successfully connect to VPN; I get "Secure VPN Connection Terminated Locally By Client: Reason 413 User Authentication Failed." The thing that is really strange is that after I attempt to authenticate through VPN and fail, I can go to the domain controller Security log and see my account credentials hitting the DC and that I've logged on successfully.
I checked the logs from the Cisco VPN client to see what was going on:
390 10:38:08.656 05/26/09 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
347 10:36:48.828 05/26/09 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
What could be going on here?