Solved

Cisco ASA cannot authenticate VPN clients using Kerberos

Posted on 2009-06-29
Last Modified: 2013-12-04
The ASA was originally pointing to a Windows 2000 server for VPN authentication. The Windows 2000 server was retired and we are now running a Windows 2003 domain. The authentication server address was changed to point to a different domain controller. No other changes were made. Now the logon box re-appears after users try to connect using the Cisco VPN client.
A sample from the ASA log is below:
5|Jun 29 2009|09:39:44|713904|||IP = 141.158.***.***, Received encrypted packet with no matching SA, dropping
4|Jun 29 2009|09:39:44|713903|||Group = *********, Username = *******, IP = 141.158.***.***, Error: Unable to remove PeerTblEntry
3|Jun 29 2009|09:39:44|713902|||Group = *********, Username = *********, IP = 141.158.***.***7, Removing peer from peer table failed, no match!
3|Jun 29 2009|09:39:44|713048|||Group = *********, Username = *********, IP = 141.158.***.***, Error processing payload: Payload ID: 14

Question by:John_R_E

Accepted Solution

by:
John_R_E earned 0 total points
ID: 24841785
Solution found. While authenticating to the Windows 2000 domain controller, the Kerberos realm of NIXON was fine. When the domain was upgraded to a Windows 2003 domain, the fully qualified domain name of NIXON.COM was required for the Kerberos realm.
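
Added example (not part of the original post, and not Cisco's code): a small Python check that scans ASA `aaa-server` configuration for Kerberos servers whose `kerberos-realm` is not the upper-case fully qualified domain name, the misconfiguration described in the solution above. The server tags, addresses and sample configuration are constructed, and treating the upper-cased AD DNS domain as the expected realm is an assumption.

```python
import re

# Constructed sample: ASA aaa-server stanzas (tags and addresses are made up).
SAMPLE_CONFIG = """\
aaa-server KRB-OLD protocol kerberos
aaa-server KRB-OLD (inside) host 192.0.2.10
 kerberos-realm NIXON
aaa-server KRB-NEW protocol kerberos
aaa-server KRB-NEW (inside) host 192.0.2.20
 kerberos-realm NIXON.COM
aaa-server RAD protocol radius
aaa-server RAD (inside) host 192.0.2.30
"""

PROTO_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)")
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)")
REALM_RE = re.compile(r"^\s+kerberos-realm\s+(\S+)")

def realm_problem(realm, expected):
    """Return a description of what is wrong with the realm, or None if it is fine."""
    if realm is None:
        return "no kerberos-realm configured"
    if realm == expected:
        return None
    if realm.upper() == expected:
        return "realm must be upper case"
    if "." not in realm:
        return "short name, expected fully qualified realm " + expected
    return "realm does not match " + expected

def check_kerberos_realms(config, ad_dns_domain):
    """List (tag, host, realm, problem) for every Kerberos host with a bad realm."""
    expected = ad_dns_domain.upper()  # assumption: realm = AD DNS domain, upper case
    protocols, hosts = {}, []
    for line in config.splitlines():
        if m := PROTO_RE.match(line):
            protocols[m.group(1)] = m.group(2).lower()
        elif m := HOST_RE.match(line):
            hosts.append({"tag": m.group(1), "host": m.group(3), "realm": None})
        elif (m := REALM_RE.match(line)) and hosts:
            hosts[-1]["realm"] = m.group(1)  # sub-command of the last host line
    return [(h["tag"], h["host"], h["realm"], p) for h in hosts
            if protocols.get(h["tag"]) == "kerberos"
            and (p := realm_problem(h["realm"], expected))]

if __name__ == "__main__":
    for finding in check_kerberos_realms(SAMPLE_CONFIG, "nixon.com"):
        print(finding)
```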