Hi, Do you have check your NPS Logs ? (in your Windows 2008 Server ?)
On Mon, Mar 25, 2013 at 4:18 PM, Vipan Kapur <[email protected]> wrote: > Hello, > > I am able to ping the Raduis server (Microsoft) from the firewall and able > to ping the firewall from the Radius server. When I try to connect using > an > AD account, I get the following on the firewall. > > 2013-03-25 11:05:15 info IKE 198.228.194.124: XAuth login failed > for > gateway GW-DIALUP-VPN, username r.neal, retry: 0, timeout: 0. > 2013-03-25 11:05:15 warn Primary 10.50.100.12, backup1 , and backup2 > servers failed. > 2013-03-25 11:05:15 warn Active Server Switchover: New requests for > Microsoft server will try Primary from now on. > 2013-03-25 11:05:15 warn Active Server Switchover: New requests for > Microsoft server will try Backup2 from now on. > 2013-03-25 11:05:14 warn Active Server Switchover: New requests for > Microsoft server will try Backup1 from now on. > 2013-03-25 11:05:12 info IP address 10.50.101.14 is released from > 0026088ff9ed. > 2013-03-25 11:05:12 info IP address 10.50.100.71 is assigned to > 0026088ff9ed. > 2013-03-25 11:05:11 info IP address 10.50.100.71 is assigned to > 0026088ff9ed. > 2013-03-25 11:05:08 info IP address 10.50.101.14 is assigned to > 0026088ff9ed. > 2013-03-25 11:05:06 warn Trying primary server 10.50.100.12. > 2013-03-25 11:05:03 info Rejected an IKE packet on ethernet0/2 from > 198.228.194.124:34633 to 209.66.114.182:4500 with cookies 42a0918ad450522c > and 10d48403d7ae665b because A Phase 2 packet arrived while XAuth was still > pending. > 2013-03-25 11:05:03 info IKE 198.228.194.124 Phase 1: Completed > Aggressive mode negotiations with a 28800-second lifetime. > 2013-03-25 11:05:03 info IKE 198.228.194.124 Phase 1: Completed for > user client.corporate.com. > 2013-03-25 11:05:03 info IKE<198.228.194.124> Phase 1: IKE responder > has detected NAT in front of the remote device. > 2013-03-25 11:05:03 info IKE<198.228.194.124> Phase 1: IKE responder > has detected NAT in front of the local device. > 2013-03-25 11:05:03 info IKE 198.228.194.124 phase 1:The symmetric > crypto key has been generated successfully. > 2013-03-25 11:05:03 info IKE 198.228.194.124 Phase 1: Responder > starts AGGRESSIVE mode negotiations. > > I am attaching my firewall config as well as the Shrew Client config file. > I hope someone will be able to assist me resolving the issue. > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Kevin VPN > Sent: Sunday, March 24, 2013 9:25 PM > To: [email protected] > Subject: Re: [vpn-help] VPN not working with Radius and windows 2008 > > On 02/27/2013 01:11 PM, Vipan Kapur wrote: > > Hello there! > > > > I hope you can help me, I have setup VPN access using the article > > http://www.shrew.net/support/Howto_Juniper_SSG but I cannot connect > > using the Radius server. I can only connect if I create a user > > account on the firewall, but I don't want to do that for all the users. > > > > The firewall shows the following: > > > > 2013-02-27 13:04:26 info IKE 198.228.192.58: XAuth login failed for > > gateway GW-DIALUP-VPN, username v.kapur, retry: 0, timeout: 0. > > 2013-02-27 13:04:26 warn Primary 10.50.100.12, backup1 , and backup2 > > servers failed. > > 2013-02-27 13:04:26 warn Active Server Switchover: New requests for > > Microsoft server will try Primary from now on. > > 2013-02-27 13:04:26 warn Active Server Switchover: New requests for > > Microsoft server will try Backup2 from now on. > > 2013-02-27 13:04:25 warn Active Server Switchover: New requests for > > Microsoft server will try Backup1 from now on. > > 2013-02-27 13:04:17 warn Trying primary server 10.50.100.12. > > Hi Vipan, > > These messages look to me like your Juniper is unable to contact the RADIUS > server. I'm assuming "Microsoft server" is your Windows 2008 RADIUS > server. > > If your device is unable to communicate with the RADIUS server, it > obviously > would be unable to verify credentials that come from that server. > > _______________________________________________ > vpn-help mailing list > [email protected] > https://lists.shrew.net/mailman/listinfo/vpn-help > > _______________________________________________ > vpn-help mailing list > [email protected] > https://lists.shrew.net/mailman/listinfo/vpn-help > >
_______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
