Cisco Pix 8.0(4)28 won't accept vpn requests

ejefferson213 asked on
Network Security
Whenever I try to VPN (using Cisco's VPN client) into my company, my authentication fails (I'm using RADIUS on my NPS server). The messages appearing in the PIX log are shown below along with the statements used to configure my VPN access. I can't figure out what is wrong; nothing else is recorded in the PIX log to reveal anything. Does anyone have a clue what I'm missing? I have two of these PIX devices (model-525) (for different sites) and one works fine. I compared the configurations and they're nearly identical for this function. Thanks.

Aug 21 2014 16:10:28: %PIX-2-113022: AAA Marking RADIUS server 172.16.3.17 in aaa-server group RADIUS as FAILED
Aug 21 2014 16:10:59: %PIX-2-113022: AAA Marking RADIUS server 172.16.2.8 in aaa-server group RADIUS as FAILED
Aug 21 2014 16:10:59: %PIX-2-113023: AAA Marking RADIUS server 172.16.3.17 in aaa-server group RADIUS as ACTIVE
Aug 21 2014 16:10:59: %PIX-2-113023: AAA Marking RADIUS server 172.16.2.8 in aaa-server group RADIUS as ACTIVE
Aug 21 2014 16:10:59: %PIX-3-713167: Group = VPNUSERS, Username = vledj, IP = 69.249.5.121, Remote peer has failed user authentication -  check configured username and password
Aug 21 2014 16:10:59: %PIX-3-713902: Group = VPNUSERS, Username = vledj, IP = 69.249.5.121, Removing peer from peer table failed, no match!
Aug 21 2014 16:10:59: %PIX-4-713903: Group = VPNUSERS, Username = vledj, IP = 69.249.5.121, Error: Unable to remove PeerTblEntry

Configuration Statements:

access-list VPNUSERS-tunnel standard permit 172.16.0.0 255.255.0.0
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 172.16.3.17
 key ********
aaa-server RADIUS (inside) host 172.16.2.8
 key ********

group-policy VPNUSERS internal
group-policy VPNUSERS attributes
 dns-server value 172.16.2.8 172.16.3.17
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNUSERS-tunnel
 default-domain value xyz.org
 split-dns value xyz.org

ip local pool VPNPool 172.16.7.200-172.16.7.250

tunnel-group VPNUSERS type remote-access
tunnel-group VPNUSERS general-attributes
 address-pool VPNPool
 authentication-server-group RADIUS
 authentication-server-group (outside) RADIUS
 default-group-policy VPNUSERS
tunnel-group VPNUSERS ipsec-attributes
 pre-shared-key *
 radius-sdi-xauth
!
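
An added example, not part of the original question and not Cisco tooling: a Python triage pass over the log lines quoted above that ties each %PIX-3-713167 login failure to any %PIX-2-113022 "server marked FAILED" events logged shortly before it, which separates a failure on the firewall-to-RADIUS path from one where no server failure was logged. The function name, verdict strings and 60-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the question above.
SAMPLE_LOG = """\
Aug 21 2014 16:10:28: %PIX-2-113022: AAA Marking RADIUS server 172.16.3.17 in aaa-server group RADIUS as FAILED
Aug 21 2014 16:10:59: %PIX-2-113022: AAA Marking RADIUS server 172.16.2.8 in aaa-server group RADIUS as FAILED
Aug 21 2014 16:10:59: %PIX-2-113023: AAA Marking RADIUS server 172.16.3.17 in aaa-server group RADIUS as ACTIVE
Aug 21 2014 16:10:59: %PIX-3-713167: Group = VPNUSERS, Username = vledj, IP = 69.249.5.121, Remote peer has failed user authentication -  check configured username and password
"""

LINE = re.compile(r"^(\w{3} +\d{1,2} \d{4} \d\d:\d\d:\d\d): %PIX-\d-(\d{6}): (.*)$")
MARK = re.compile(r"AAA Marking \S+ server (\S+) in aaa-server group (\S+) as FAILED")
AUTH = re.compile(r"Group = ([^,]+), Username = ([^,]+), IP = ([^,]+), "
                  r"Remote peer has failed user authentication")

def triage(log_text, window=timedelta(seconds=60)):
    """One finding per 713167 login failure, listing AAA servers that were
    marked FAILED (113022) in the `window` before it (window is an assumption)."""
    failed = []      # (timestamp, server) for every 113022 seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(" ".join(m.group(1).split()), "%b %d %Y %H:%M:%S")
        msg_id, body = m.group(2), m.group(3)
        if msg_id == "113022" and (mark := MARK.search(body)):
            failed.append((ts, mark.group(1)))
        elif msg_id == "713167" and (auth := AUTH.search(body)):
            recent = sorted({srv for t, srv in failed
                             if timedelta(0) <= ts - t <= window})
            findings.append({
                "time": ts.isoformat(),
                "group": auth.group(1),
                "user": auth.group(2),
                "peer": auth.group(3),
                "servers_marked_failed": recent,
                # FAILED marks right before the failure: look at the
                # firewall-to-RADIUS path before suspecting the password.
                "verdict": "aaa-server-failed" if recent else "no-server-failure-logged",
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the quoted log, both servers in the RADIUS group are marked FAILED within the window before the single login failure.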
ASKER CERTIFIED SOLUTION
rauenpc, Senior Network Specialist
