TOPIC: ASA 5520 - Issues (not sure if its nat or.. )

ASA 5520 - Issues (not sure if its nat or.. ) 7 years 1 week ago #32168

Posted by RossM
Hi All,

I have an issue with my ASA5520.

I am trying to set up VPN auth via AD and have been successful in the past, but this time something isn't quite right.

I get "ERROR: Authorization Server not responding: AAA server has been removed". Googling suggested that this was reaching the server, but the logon details/LDAP string was incorrect.

When I look in the log on the AD I do not see any attempt to log in etc... and when I look at the ASA log I see an oddity... (which may be a complete red herring to the problem above)

Instead of seeing From ASA to ADServer:389 I see it back to front... i.e. as if the request is coming from the ADServer to the ASA.

Configuration:

Have static route for 10.15.20.0/23 to go to 10.1.1.1

Inside Interface: 10.1.1.2

So in essence I have 2 networks behind that 1 interface.
Internet works fine and appears normal in the log; I can ping from the ASA to the AD server and vice versa and that appears fine.

If I do a packet tracer from 10.1.1.25 to 10.15.20.21 that goes through fine. If I do 10.1.1.2 to 10.15.20.21 it fails saying it doesn't match the ACL rule (even though I have set these up).

I have seen this before in that if the ASA knows it cannot get to the destination, it stops it before it goes out of the interface(?) and gives a bogus error.

I've been working on this for the past day or so and have asked around a couple of other Cisco-savvy people and they are stumped... Any help very gratefully received :)

Ross

Re: ASA 5520 - Issues (not sure if its nat or.. ) 7 years 1 week ago #32170

Posted by RossM
UPDATE:

Total red herring. After double- and triple-checking the LDAP string I noticed the AD display name was in caps and everything else was lowercase... changed to all lowercase and I am able to authenticate etc. However, I would still like to know/fix the issue re: the log being the wrong way round.
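One way to check mechanically which side the ASA records as the initiator of the LDAP session, as an added example that is not part of the original thread: a small Python parser for the ASA 302013 "Built ... TCP connection" syslog message, run over constructed sample lines that reuse the addresses from the post (ASA inside 10.1.1.2, AD server 10.15.20.21). The sample lines, the `classify`/`audit` helpers and the "expected"/"reversed" verdicts are assumptions of this example, not anything the poster showed.

```python
import re
from dataclasses import dataclass

# ASA message 302013 writes the two endpoints initiator first:
#   Built {inbound|outbound} TCP connection <id> for <if>:<ip>/<port> (<mapped>) to <if>:<ip>/<port> (<mapped>)
BUILT_RE = re.compile(
    r"%ASA-\d-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<sif>[^:]+):(?P<sip>[\d.]+)/(?P<sport>\d+) \([^)]*\) "
    r"to (?P<dif>[^:]+):(?P<dip>[\d.]+)/(?P<dport>\d+) \([^)]*\)"
)

@dataclass
class Verdict:
    conn_id: str
    initiator: str   # "ip/port" the ASA logged as the opening side
    responder: str   # "ip/port" the ASA logged as the receiving side
    verdict: str     # "expected", "reversed" or "other"

def classify(line, asa_ip, ldap_ip, ldap_port=389):
    """Classify one 302013 line against the AAA server; None for any other message."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    src = (m["sip"], int(m["sport"]))
    dst = (m["dip"], int(m["dport"]))
    if src[0] == asa_ip and dst == (ldap_ip, ldap_port):
        verdict = "expected"   # ASA opened the session towards LDAP: normal AAA traffic
    elif src == (ldap_ip, ldap_port) and dst[0] == asa_ip:
        verdict = "reversed"   # LDAP port logged as initiator: the "back to front" case
    else:
        verdict = "other"
    return Verdict(m["id"], f"{src[0]}/{src[1]}", f"{dst[0]}/{dst[1]}", verdict)

def audit(log_text, asa_ip, ldap_ip, ldap_port=389):
    """Return a Verdict for every connection-built line in a syslog excerpt."""
    results = []
    for line in log_text.splitlines():
        v = classify(line, asa_ip, ldap_ip, ldap_port)
        if v is not None:
            results.append(v)
    return results

# Constructed sample (assumption), laid out like the 302013/302014 messages.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for inside:10.1.1.2/33011 (10.1.1.2/33011) to inside:10.15.20.21/389 (10.15.20.21/389)
%ASA-6-302013: Built inbound TCP connection 1002 for inside:10.15.20.21/389 (10.15.20.21/389) to inside:10.1.1.2/33012 (10.1.1.2/33012)
%ASA-6-302014: Teardown TCP connection 1001 for inside:10.1.1.2/33011 to inside:10.15.20.21/389 duration 0:00:01 bytes 512 TCP FINs
"""

if __name__ == "__main__":
    for v in audit(SAMPLE_LOG, asa_ip="10.1.1.2", ldap_ip="10.15.20.21"):
        print(f"conn {v.conn_id}: {v.initiator} -> {v.responder}: {v.verdict}")
```

A run of "reversed" verdicts with the LDAP port as initiator is worth comparing against `show conn` and the AAA server's own logs before treating the syslog direction as a routing or NAT fault.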