I have a Cisco VPN Server which i have configured to send authentication request to a Cisco Access Control Server. The Cisco Access Control Server has been configured to send the authentication request to a Windows Server(W2k3). The Windows Server has Internet Authentication Server configured. The Windows Servers is the secondary Domain Controller. The Windows Server has been configured to send Authentication request to a Strong Authentication Server(Gemalto), to achieve 2-Factor Authentication. When i login using the VPN Client, using the concatenation(One time Password and Windows Password(Domain Credentials) i am able to login. I am also able to login using ONLY my Windows(Domain credentials), this defeats my aim which is to use 2-Factor Authentication. How do i restrict the IAS from authenticating against the Active Directory?

Hi, It sounds like a configuration problem. How did you configure IAS and Windows Server? If you’re configuring IAS as a RASIUS Proxy, please refer to the section "Configuring the primary and secondary RADIUS servers for the other user account database" of the article below: Using a different authentication database http://technet.microsoft.com/en-us/library/cc778691%28WS.10%29.aspx Please also refer to ther articles to check your configuration. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.