PEAP authentication across VPN connection

Unanswered Question
Mar 19th, 2007

We are using the Cisco 871 series routers for VPN connectivity. I am testing the 871W for VPN and wireless connectivity. I am able to get the VPN working but am having trouble with the wireless authentication using PEAP and authentication via Active Directory. The problem is, my router cannot, because of the VPN connection, "talk" directly to my authentication server using the LAN IP address. I can get authentication to work if I pass the traffic through the internet, punching a hole in my firewall to complete the authentication process. This is not my preferred method. What can I do to get around my VPN access lists that are preventing my direct connectivity to my server?

frankenmuth Tue, 07/31/2007 - 06:54

It sounds like your problem is that the router is not sending the AAA traffic down the VPN tunnel. Try something like this:

Assuming you're using RADIUS, and the inside interface of the 871 is e0, configure:

ip radius source-interface e0

As long as the traffic from the IP address configured on e0 is configured to be encrypted, it should send the AAA request down the tunnel.

Note, you must also use the IP address assigned to e0 as the AAA client address in the AAA server.

Please let me know if my suggestion is unclear.
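
The suggestion above as a configuration sketch. This is an added example, not part of the original reply; the addresses, ACL number, shared-secret placeholder and the interface name Vlan1 (standing in for "e0") are assumptions.

```text
! Constructed example: all addresses, the ACL number and the interface name
! are placeholders.
!   192.168.10.0/24  remote-site LAN behind the 871W (192.168.10.1 on Vlan1)
!   10.1.1.0/24      head-office LAN, RADIUS server at 10.1.1.10
!
! Crypto ACL: only packets matching this entry are encrypted into the tunnel.
access-list 110 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! By default, router-originated RADIUS packets take the address of the
! outgoing (WAN) interface as their source. That address does not match
! access-list 110, so the Access-Request leaves outside the tunnel.
! Sourcing RADIUS from the inside interface makes it match the crypto ACL.
ip radius source-interface Vlan1
!
radius-server host 10.1.1.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! On the RADIUS server, register 192.168.10.1 (the Vlan1 address) as the
! AAA client, not the router's WAN address.
!
! Checks after a wireless client attempts PEAP:
!   show crypto ipsec sa   encaps/decaps counters for the LAN-to-LAN SA increase
!   debug radius           Access-Request is sent to 10.1.1.10
```

With this in place the firewall hole that exposed the authentication server to the Internet is no longer needed and can be closed.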

