New RADIUS Server

[jskolm85]

I have a PIX 506E. Currently we use the Cisco VPN client to connect to the PIX and it uses RADIUS to contact our RADIUS server to permit access. The Server is a Windows 2000 PDC. I am replacing that server with a new Windows 2008 Server. I know that the IAS has been changed to NPS. I have that all set up and configured. But when I try to change the IP address in the PIX to point to the new server I get:

"you must remove all AAA corresponding entries prior to
removing the last server in group"

Any help?

 

[Supergrrover]

add the new server to the group and then delete the old one.
make sure that the secret is an exact match.
it is a good idea with aaa to have 2 servers or a fall back to local in case one goes down.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[jskolm85]

The secret is an exact match. (I thought that was the problem originally so I have typed it like 20 times now, stupid me)

But I think I am way off here then... (not real good with Cisco) How to I add it to the group? I am using the PDM to make it easier for me, but I can do the command line if needed.

 

[jskolm85]

Nevermind the last post. I got it...

But I still cannot connect with the Cisco VPN client.

Secure VPN Connection terminated locally by the client.
Reason 413: User Authentication failed.

Any ideas here?

 

[Supergrrover]

What are the logs saying? Is it hitting the new server? Have you tested the server config?

Sometimes these things are really picky. You might have to delete all your AAA settings and re-set them up on the ASA. I haven't had problems with the AAA part but the VPN config can be finicky.


Brent
Systems Engineer / Consultant
CCNP, CCSP