IAS issues. vpn error 718

I'm having issues getting a computer to authenticate on a vpn correctly.  The vpn is an l2tp vpn terminated at a cisco pix.  Authentication is done via a domain controller with IAS installed.  I keep getting error 718 with the microsoft vpn.
LVL 2
jmluc123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jmluc123Author Commented:
windows client = 718 The Connection has timed out waiting for a valid response from the Remote Computer.
cisco client = 413 User Authentication Failed.
0
Markus BraunCEOCommented:
hi, can you post your aaa config part  - and the one for the client
IAS authentication is pretty straight forward actually
is the IAS configure like on the Cisco example page?

here you can see what to configure on the IAS
just scroll down a bit when u open the site
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
0
jmluc123Author Commented:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.20.9 TampaBayLightning26and9 timeout 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL

vpngroup vipvpn address-pool vpnpool
vpngroup vipvpn dns-server 192.168.20.9
vpngroup vipvpn wins-server 192.168.20.9
vpngroup vipvpn default-domain vtinfo.com
vpngroup vipvpn split-tunnel vipvpn_splitTunnelAcl
vpngroup vipvpn idle-time 28800
vpngroup vipvpn authentication-server RADIUS
vpngroup vipvpn user-authentication
vpngroup vipvpn user-idle-timeout 28800
vpngroup vipvpn password ********



vpdn group pptpvpn accept dialin pptp
vpdn group pptpvpn ppp authentication mschap
vpdn group pptpvpn ppp encryption mppe auto required
vpdn group pptpvpn client configuration address local vpnpool
vpdn group pptpvpn client configuration dns 192.168.20.9
vpdn group pptpvpn client configuration wins 192.168.20.9
vpdn group pptpvpn client authentication aaa RADIUS
vpdn group pptpvpn pptp echo 60
vpdn enable outside

0
jmluc123Author Commented:
The second NIC on the server was enabled causing traffic to get routed out of the wrong interface.  Authentication completed but the server was not sending that info back to the firewall.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.