12-06-2009 11:30 AM
12-06-2009 12:00 PM
If that is the case I would think that the source of the problem is that
the RAPs are now being directed at the new IAS server for authentication
instead of the controller, and thus they fail to connect. The good
news is that the remedy is pretty easy/quick.
First, I would check the authentication areas of the controller
configuration to see if the RAPs are no longer authenticating with the
internal database and are instead trying to authenticate against the
*new* IAS server.
You could do this by two means:
1) Audit the logs on your new IAS server... you would see the RAPs
coming in and being denied, or
2) Check the aaa settings for VPN connectivity and ensure that IAS is
-not- at the top of the list, but rather that internal DB is (which is
where you would have had the RAP 'user' accounts).
The remedy is to ensure the RAPs/VPN is set to authenticate against the
internal/local database dB.
12-07-2009 02:04 PM
Is your setup like the article here: http://www.isaserver.org/articles/IPSec_Passthrough.html
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base