Cisco remote VPN fails to authenticate via MS RADIUS server

  • ciscoask@hotmail.com
  • Newbie
  • Posts: 7

Post 3+ Months Ago

Hi.. I am configuring Cisco remote VPN on my PIX to authenticate via the Windows 2000 RADIUS server. I believe that I had configured the PIX correctly; the config is shown below. I am able to get the login prompt when I connect to my PIX outside interface via the Cisco remote VPN client, and it failed to authenticate via my MS 2000 RADIUS server. I had installed MS ISA server on one of my DCs (but it is not my primary DC), and I added a RADIUS client for my PIX and specified the correct secret. I also registered the IAS in the AD and allowed the dial-in policy. In the AD user dial-in properties, I did allow the user to dial in. What is the problem then?

1) Should the RADIUS server be the same as the DNS server? My RADIUS server is 192.168.1.50 but my DNS server is 192.168.1.10. Will that affect it?

2) Should I configure the "remote access and routing" for my RADIUS server? Should I change my remote access and routing authentication to authenticate via RADIUS instead of Windows authentication?

3) Should I use a different version of the Cisco remote VPN client? Mine is ver 3.6.

ip local pool REMOTEIPPOOLS 192.168.100.1-192.168.100.30
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (inside) host 192.168.1.50 xxxxx timeout 10
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption des
isakmp policy 50 hash md5
isakmp policy 50 group 2
isakmp policy 50 lifetime 86400
crypto ipsec transform-set remoteset esp-des esp-md5-hmac
crypto dynamic-map dynmap 80 set transform-set remoteset
crypto newmap 85 ipsec-isakmp dynamic dynmap
crypto map newmap 85 ipsec-isakmp dynamic dynmap
crypto map newmap client configuration address initiate
crypto map newmap client configuration address respond
crypto map newmap client authentication AuthInbound
crypto map newmap interface outside
isakmp enable outside
vpngroup GROUP address-pool REMOTEIPPOOLS
vpngroup GROUP dns-server 192.168.1.10
vpngroup GROUP wins-server 192.168.1.10
vpngroup GROUP default-domain xxx.com
vpngroup GROUP idle-time 1800
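
A small offline check of the configuration excerpt posted above, added here as an example and not part of the original post: it flags the crypto line that lacks the map keyword, the DES and MD5 choices, and a client authentication tag with no matching aaa-server definition. The function name audit, the keyword set and the wording of the findings are assumptions of this example; line numbers refer to the embedded excerpt.

```python
# Excerpt of the configuration from the post, as posted (secret already redacted).
POSTED = """\
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (inside) host 192.168.1.50 xxxxx timeout 10
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption des
isakmp policy 50 hash md5
isakmp policy 50 group 2
crypto ipsec transform-set remoteset esp-des esp-md5-hmac
crypto dynamic-map dynmap 80 set transform-set remoteset
crypto newmap 85 ipsec-isakmp dynamic dynmap
crypto map newmap 85 ipsec-isakmp dynamic dynmap
crypto map newmap client authentication AuthInbound
crypto map newmap interface outside
"""

# Assumption: only the crypto subcommands that appear in the post count as known.
CRYPTO_KEYWORDS = {"map", "dynamic-map", "ipsec"}
WEAK = {"des": "DES (56-bit key)", "esp-des": "DES (56-bit key)",
        "md5": "MD5", "esp-md5-hmac": "HMAC-MD5"}


def audit(config):
    """Return (line_number, message) findings, in line order, for a PIX-style config."""
    rows = [line.split() for line in config.splitlines()]
    aaa = [t for t in rows if len(t) > 3 and t[0] == "aaa-server"]
    has_protocol = {t[1] for t in aaa if t[2] == "protocol"}
    has_host = {t[1] for t in aaa if t[3] == "host"}
    findings = []
    for n, t in enumerate(rows, 1):
        if len(t) < 2:
            continue
        algos = []  # algorithm tokens to check on this line
        if t[0] == "crypto" and t[1] not in CRYPTO_KEYWORDS:
            findings.append((n, f"unrecognized crypto subcommand '{t[1]}'"))
        elif t[:2] == ["isakmp", "policy"] and t[-2] in ("encryption", "hash"):
            algos = t[-1:]
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            algos = t[4:]  # everything after the transform-set name
        elif t[:2] == ["crypto", "map"] and t[3:5] == ["client", "authentication"]:
            for tag in t[5:6]:
                if tag not in has_protocol or tag not in has_host:
                    findings.append((n, f"aaa-server tag '{tag}' lacks a protocol or host line"))
        findings += [(n, f"weak algorithm: {WEAK[a]}") for a in algos if a in WEAK]
    return findings


if __name__ == "__main__":
    for n, msg in audit(POSTED):
        print(f"line {n}: {msg}")
```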

  • Norton
  • Newbie
  • Posts: 10
  • Loc: england

Post 3+ Months Ago

Sorry, can't help you there, don't understand it.
