+ Post New Thread
Results 1 to 3 of 3
How do you do....it? Thread, cisco ASA 5505 and SBS 2003 in Technical; I have two cisco asa firewalls bridging a satelite office to the main facility. This has been up and running ...
  1. #1

    Join Date
    Jun 2010
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    cisco ASA 5505 and SBS 2003

    I have two cisco asa firewalls bridging a satelite office to the main facility. This has been up and running for around three years now. Recently the domain controller (SBS2003) went up in smoke, literally. long story short, i have setup a new pc with sbs2003 from scratch. used the old domain controllers name and ip address but changed the domain name. my network bridge is still in tact, however no one can VPN into the system from home or on the road. I'm having some trouble getting the cisco box to play nice with radius or the other way around.

    used a fake name and this is what showed up in event viewer

    User monkey was denied access.
    Fully-Qualified-User-Name = CATCOMTEC2\monkey
    NAS-IP-Address = 192.168.0.5
    NAS-Identifier = <not present>
    Called-Station-Identifier = 206.248.24*.**
    Calling-Station-Identifier = 206.248.24*.**
    Client-Friendly-Name = asa
    Client-IP-Address = 192.168.0.5
    NAS-Port-Type = Virtual
    NAS-Port = 26
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = <undetermined>
    Authentication-Type = PAP
    EAP-Type = <undetermined>
    Reason-Code = 16
    Reason = Authentication was not successful because an unknown user name or incorrect password was used.

    used a real account below and see the difference
    User cworsham was denied access.
    Fully-Qualified-User-Name = catcomtec2/Users/Chris
    NAS-IP-Address = 192.168.0.5
    NAS-Identifier = <not present>
    Called-Station-Identifier = 206.248.24*.**
    Calling-Station-Identifier = 206.248.24*.**
    Client-Friendly-Name = asa
    Client-IP-Address = 192.168.0.5
    NAS-Port-Type = Virtual
    NAS-Port = 26
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = cctivpn
    Authentication-Type = PAP
    EAP-Type = <undetermined>
    Reason-Code = 66
    Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

    any insights as to the difference in the Fully qualified user name, the errors thrown. why is my authentication server showing as undetermined? please help, i've got to get this back up quick!

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    If you changed the domain name this could be causing a few of your problems, a fully qualified domain name will include the domain name ie. domain.local\user1 so any old usernames or setups to automaticly append domain names to logons will need to be changed. Were you able to migrate the users to the new domain or are their computers still setup to point to the old domain. You would need to rejoin each workstation to the new domain so that they appear in AD and point to the appropriate domain for authentication.

    How much of the old system were you able to restore from backups?

  3. #3

    Join Date
    Jun 2010
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Nothing from the old domain was salvagable. Started from scratch. Moved all in house pcs to new domain. Having issues with vpn in from home or the road.

SHARE:
+ Post New Thread

Similar Threads

  1. VPN with Cisco ASA5505 and SBS 2003
    By -Jim in forum Wireless Networks
    Replies: 4
    Last Post: 23rd April 2009, 03:19 PM
  2. SBS 2003 POP Connector Timing
    By Number6 in forum Windows Server 2000/2003
    Replies: 5
    Last Post: 27th February 2009, 10:10 PM
  3. SBS 2003 - Where is this setting
    By IA76 in forum Windows
    Replies: 4
    Last Post: 22nd July 2008, 11:40 AM
  4. TS inside Cisco ASA firewall
    By BigBadVinny in forum Wireless Networks
    Replies: 5
    Last Post: 15th June 2007, 08:53 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •