RADIUS authentication for VPN users

Unanswered Question
Jul 11th, 2007

I'm trying to authenticate users on our VPN concentrator to use our Windows 2003 IAS RADIUS server but am having no luck.

If I go to Configuration > system > servers > authentication and test my Active Directory account it fails.

I am sure I have configured my IAS RADIUS server correctly. Can anyone guide or help via this post or email?

Let me know what info you need posted and I'll get straight back to you. I'm sure this can be done?

whiteford Wed, 07/11/2007 - 11:13

Still no luck, the test button still fails. Is there a tool I can test RADIUS with? ADSM? I only use that for a PIX, not a concentrator.

What info can I give you, or can you give me?

I just want to allow a certain Active Directory security group VPN access via ISA RADIUS.

Hope you can help

Danilo Dy Tue, 07/31/2007 - 05:41

I use 2003 AD/IAS for both ASA SSL and PIX IPSec VPN Client remote access but I haven't tried VPN Concentrator.

One setting to remember when creating an account in 2003 AD: in the Dial-In tab, under Remote Access Dial-in [or VPN], select "Allow Access"; by default this is "Deny Access".

Here's how I set it up (PIX and ASA):

Windows 2003 Ent. IAS

Radius Clients:

Address: Internal IP Address

Protocol: RADIUS

Type: RADIUS Standard

Request must contain ... attribute: disabled

Shared Secret: examplekey

Remote Access Policies:

Name: VPN Device

Conditions: (all AND)

Day-and-Time-Restrictions matches: full week


NAS-IP-Address matches:


AAA Server Groups:

Server Group RADIUS:

Server Name:

Interface Name: Inside

Timeout: 5 secs

Server Authentication Port: 1645

Server accounting port: 1646

Retry Interval: 10 secs

Server Secret Key: examplekey

common password:

ACL Netmask Convert: Standard

Then when I select the RADIUS server and click Test > Authentication I can successfully authenticate accounts which are members of the AD group specified for

For diverse reasons I use 2 IAS servers on our network, but you have to keep them in sync manually.

Kind regards, hope it helps

