Troubleshooting RA VPN FTD
A customer runs FTDs managed by FMC, configured for remote access VPN with authentication performed through LDAP.
I took a request that a user could not log in with AnyConnect: the message "login failed" appeared.
First I reset my own password in AD, as I had not saved it when I created the account (if I don't save it in KeePass I always need a reset).
I tried to log in with my credentials and connected successfully, so the issue was with that specific user.
I checked the firewall config and everything was there correctly!
Instead of resetting the user's password, I ran some debugs on the firewall to better understand and find the issue.
Before that I connected to the FTD CLI, entered system support diagnostic-cli, and ran the following to list the debugs that were enabled:
sho debug
debug aaa authentication enabled at level 1
debug aaa authentication enabled at level 1 (persistent)
debug aaa authorization enabled at level 1
debug aaa authorization enabled at level 1 (persistent)
debug aaa accounting enabled at level 1
debug aaa accounting enabled at level 1 (persistent)
debug aaa internal enabled at level 1
debug aaa internal enabled at level 1 (persistent)
debug aaa url-redirect enabled at level 1
debug aaa url-redirect enabled at level 1 (persistent)
debug aaa common enabled at level 1
debug aaa common enabled at level 1 (persistent)
INFO: Webvpn conditional debug is turned ON
INFO: User name filters:
INFO: pro
debug vpn-sessiondb enabled at level 9
debug vpn-sessiondb enabled at level 9 (persistent)
debug vpn-session-trace enabled at level 1
debug vpn-session-trace enabled at level 1 (persistent)
debug ldap enabled at level 255
debug ldap enabled at level 255 (persistent)
INFO: Webvpn conditional debug is turned ON
INFO: User name filters:
INFO: pro
debug webvpn enabled at level 1
debug webvpn enabled at level 1 (persistent)
INFO: Webvpn conditional debug is turned ON
INFO: User name filters:
INFO: pro
Debug fxos_parser off
Conditional debug filters:
Conditional debug features:
After enabling the debugs I tried to log in with the customer's credentials and noticed the following in the debug ldap output:
[583] Binding as pro
[583] Performing Simple authentication for pro to 172.30.1.10
[583] Simple authentication for pro returned code (49) Invalid credentials
[583] Message (pro): 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 775, v4563
[583] Account for pro locked out
The issue was clear: the account was locked out in AD, not misconfigured on the firewall. I reset the user's credentials from AD and everything worked after that!
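The debug ldap lines above carry two different codes: the generic LDAP result code (49, invalidCredentials), which on its own looks like a plain wrong password, and the Microsoft-specific sub-error in the "data NNN" field (775, account locked out), which is what actually identifies the cause. As an added example (not code from the post or from Cisco), the following Python parser pulls both codes out of debug ldap output per LDAP handle, maps the AD sub-error to its documented meaning, and says whether the fix belongs on the AD side or with the user. The sample input is the post's own lines plus one constructed session (handle 584, user alice, subcode 52e) to show a different outcome; the function and table names are mine.

```python
import re
from typing import Dict, List

# Microsoft-documented sub-error codes carried in the "data NNN" field of an
# AD "AcceptSecurityContext error" bind message (hex strings, as AD prints them).
AD_BIND_SUBCODES: Dict[str, str] = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time of day",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Sub-errors that can only be fixed by an AD administrator, never by the
# user retyping the password or by changing the firewall configuration.
AD_SIDE_SUBCODES = {"532", "533", "701", "773", "775"}

# Standard LDAP result codes seen in the "returned code (N)" line.
LDAP_RESULT_CODES: Dict[int, str] = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# FTD prefixes every debug ldap line with the LDAP handle in square brackets,
# so the handle is used to correlate the result line with the AD message line.
_RE_RESULT = re.compile(
    r"^\[(?P<handle>\d+)\] Simple authentication for (?P<user>\S+) "
    r"returned code \((?P<code>\d+)\)"
)
_RE_MESSAGE = re.compile(
    r"^\[(?P<handle>\d+)\] Message \((?P<user>\S+)\): .*?"
    r"AcceptSecurityContext error, data (?P<subcode>[0-9a-fA-F]+)"
)

# Constructed sample: the post's session [583] plus a made-up session [584].
SAMPLE_DEBUG = """\
[583] Binding as pro
[583] Performing Simple authentication for pro to 172.30.1.10
[583] Simple authentication for pro returned code (49) Invalid credentials
[583] Message (pro): 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 775, v4563
[583] Account for pro locked out
[584] Binding as alice
[584] Performing Simple authentication for alice to 172.30.1.10
[584] Simple authentication for alice returned code (49) Invalid credentials
[584] Message (alice): 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
"""


def parse_ldap_debug(text: str) -> List[dict]:
    """Return one record per LDAP handle with user, LDAP result code,
    AD sub-error code and a human-readable reason."""
    sessions: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _RE_RESULT.match(line)
        if m:
            rec = sessions.setdefault(m["handle"], {"handle": m["handle"]})
            rec["user"] = m["user"]
            rec["ldap_code"] = int(m["code"])
            continue
        m = _RE_MESSAGE.match(line)
        if m:
            rec = sessions.setdefault(m["handle"], {"handle": m["handle"]})
            rec["user"] = m["user"]
            rec["ad_subcode"] = m["subcode"].lower()

    records = []
    for rec in sessions.values():
        sub = rec.get("ad_subcode")
        code = rec.get("ldap_code")
        # The AD sub-error is more specific than the LDAP result code, so prefer it.
        if sub in AD_BIND_SUBCODES:
            rec["reason"] = AD_BIND_SUBCODES[sub]
        elif code is not None:
            rec["reason"] = LDAP_RESULT_CODES.get(code, f"LDAP result code {code}")
        else:
            rec["reason"] = "unknown"
        records.append(rec)
    return records


def remediation(rec: dict) -> str:
    """Say where the fix belongs for one parsed session."""
    sub = rec.get("ad_subcode")
    if sub in AD_SIDE_SUBCODES:
        return "fix in AD (unlock, reset or enable the account); the FTD config is not at fault"
    if sub == "52e" or rec.get("ldap_code") == 49:
        return "user supplied a wrong password; verify the credentials"
    if sub == "525":
        return "user object not found under the configured base DN; check the LDAP realm"
    return "inspect the full debug ldap output"


if __name__ == "__main__":
    for r in parse_ldap_debug(SAMPLE_DEBUG):
        print(f"[{r['handle']}] {r['user']}: {r['reason']} -> {remediation(r)}")
```

Run against a capture of the diagnostic-cli session (paste it into SAMPLE_DEBUG or read it from a file), the parser turns "returned code (49)" plus "data 775" into "account locked out, fix in AD", which is exactly the conclusion reached by hand above; for a session whose message carries data 52e it reports a wrong password instead, so the two cases are no longer confused.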
What is your approach to troubleshooting RA VPN issues on FTDs?
You can send me a message through my social media accounts or comment.
Source:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_vpn_troubleshooting.html