General discussion

  • #2182513

    Using Win. Group Policies w/Cisco 3000

    by brooks2 ·

    I have a Cisco 3000 VPN concentrator which supports NT Domain and RADIUS authentication for groups and users. I have implemented domain and group authentication in the past, but am having trouble doing it this time around. It has been a few years and the software (Windows and Cisco) has changed slightly. I am having trouble getting the RADIUS authentication for groups working with the group policies. The group policy should check to see if the user is part of a security group to allow or deny access to the network.

    I have not contacted the Cisco TAC yet because we have had problems getting the maintenance purchased with the unit linked to my CCO account.

All Comments

    • #3050673

      Reply To: Using Win. Group Policies w/Cisco 3000

      by gdoc ·

      In reply to Using Win. Group Policies w/Cisco 3000

      You never stated what version of MS Win authentication you are using, or if the VPN30xx was a member of the DNS domain. This may be the only issue, or you may be having other LDAP related issues, or the implementation of RADIUS on W2K3?
      I’ve used direct to LDAP Windows support as well as a separate RADIUS support of AAA.
      Both still function.
      You’ll need to do some log analysis on the VPN30xx to find the causal factor… with that we can go further.

      I know the problem with vendors retaining the Maintenance registrations, and it sucks. You should be able to have your vendor set you up under their account. Or you can request a transference (a pain but sometimes worth it) of the device registration from them to you. Cisco will work with you, but will require a lot of documentation, and some legal paperwork.

    • #3050593

      Reply To: Using Win. Group Policies w/Cisco 3000

      by brooks2 ·

      In reply to Using Win. Group Policies w/Cisco 3000

      Follow up: The authentication server is a Windows 2003 server running IAS. It is a domain controller and DNS server. DNS servers are defined on the VPN 3005.

    • #3207699

      Reply To: Using Win. Group Policies w/Cisco 3000

      by georgeou ·

      In reply to Using Win. Group Policies w/Cisco 3000

      Cisco VPN concentrators have a bug with Windows 2003. The “solution” from Cisco a few months ago when I was on support was to use RADIUS. I use Microsoft IAS on Win2003 and it’s beautiful. It integrates into AD and I can even use IAS to spit out a custom RADIUS attribute to get the concentrator to assign the VPN group based on the Active Directory group.

      • #3207697

        Reply To: Using Win. Group Policies w/Cisco 3000

        by georgeou ·

        In reply to Reply To: Using Win. Group Policies w/Cisco 3000

        Forgot to say that the bug was with Windows 2003 LDAP mode. There is no fix for it and you have to use RADIUS though it works better.

      • #2663662

        Reply To: Using Win. Group Policies w/Cisco 3000

        by billanh ·

        In reply to Reply To: Using Win. Group Policies w/Cisco 3000

        I have a Cisco 3015 VPN and am trying to conf. it to authenticate with an IAS Win2003 server. On the 3015, I conf. group name abc and a user name bill. It works fine using bill (because it authenticates locally), but when I tried to use “abc” it does not work. What did I do wrong?
        I should be able to telnet to port 1645 on the IAS server, right? I’m not able to; maybe that is the problem.
        Thanks in advance.
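
Added example (not part of the thread, and not Cisco or Microsoft code): a minimal RFC 2865 client-side check for the RADIUS setup discussed above. It builds an Access-Request, verifies the Response Authenticator of the Access-Accept, and reads the group from the returned attribute. It assumes the group arrives in the Class attribute (type 25) as `OU=<group>;`, which the thread does not specify; the secret, authenticator, user and group values are constructed, and the request bytes would travel as a UDP datagram to the server's RADIUS port (1645 in the thread).

```python
import hashlib, hmac, re, struct
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, CLASS = 1, 2, 25  # RFC 2865 attribute types

def attr(t: int, value: bytes) -> bytes:
    return bytes([t, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(1, -(-len(password) // 16)) * 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, req_auth) -> bytes:
    body = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body

def response_is_authentic(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def parse_attributes(packet: bytes):
    length, pos, attrs = min(struct.unpack("!H", packet[2:4])[0], len(packet)), 20, []
    while pos + 2 <= length:
        t, n = packet[pos], packet[pos + 1]
        if n < 2 or pos + n > length:
            raise ValueError("malformed attribute")
        attrs.append((t, packet[pos + 2:pos + n]))
        pos += n
    return attrs

def group_from_accept(resp: bytes, req_auth: bytes, secret: bytes):
    # None means: not an Access-Accept, bad authenticator, or no OU=<group>; Class value.
    if len(resp) < 20 or resp[0] != ACCESS_ACCEPT or not response_is_authentic(resp, req_auth, secret):
        return None
    for t, value in parse_attributes(resp):
        m = re.fullmatch(rb"OU=([^;]+);?", value) if t == CLASS else None
        if m:
            return m.group(1).decode()
    return None
# Constructed sample, not captured traffic; a real request uses os.urandom(16) as authenticator.
SECRET, REQ_AUTH = b"example-secret", bytes(range(16))

def sample_accept(ident=7, value=b"OU=VPN-Staff;"):
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attr(CLASS, value)))
    return head + hashlib.md5(head + REQ_AUTH + attr(CLASS, value) + SECRET).digest() + attr(CLASS, value)
```

A reply whose authenticator does not verify usually means the shared secret on the concentrator and on the RADIUS server differ, so the group value in it should not be trusted.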
