With a 5510 we are using 2008 NPS for AD auth. Do you have something under you Connection Request Policy? The log seems to be telling you that there is something missing there.
Thanks, Erik -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Wojciechowski Sent: Tuesday, October 20, 2009 3:58 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] ASA 5505 VPN with 2008 NPS as AD Integrated RADIUS Hi All, Has anyone gotten ASA based VPN (soft clients) to work with Windows 2008 NPS - AD Integrated RADIUS to work? As our engineer put it: "Cisco does not have a document for authentication configuration with Windows 2008. Since they say the ASA configuration looks fine they have washed their hands of it and want to close the case." I can see this in the logs on our AD server: Contact the Network Policy Server administrator for more information. User: Security ID: NULL SID Account Name: %domain\username% Account Domain: - Fully Qualified Account Name: - Client Machine: Security ID: NULL SID Account Name: - Fully Qualified Account Name: - OS-Version: - Called Station Identifier: %some ip address% Calling Station Identifier: %some originating ip address% NAS: NAS IPv4 Address: %ip of server% NAS IPv6 Address: - NAS Identifier: - NAS Port-Type: Virtual NAS Port: 159744 RADIUS Client: Client Friendly Name: whl_vpn_new Client IP Address: %ip address of client% Authentication Details: Proxy Policy Name: - Network Policy Name: - Authentication Provider: - Authentication Server: %fqdn of server% Authentication Type: - EAP Type: - Account Session Identifier: - Reason Code: 49 Reason: The connection attempt did not match any connection request policy. If this has been asked and answered (or if there is a better forum for this), I apologize. If someone could nudge me in the right direction that would be very awesome. Technet for the above error is pretty pointless as usual.... Thanks again, -Jeff _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/