07-30-2007 06:45 PM - edited 03-10-2019 03:18 PM
I have a vpn 3005 concentrator in a dmz, directing authentication and authorisation back to a ACS Radius server. Authentication works fine, however as soon as I attempt to have the ACS server authorise as well, I received a Radius Access-reject(3) packet from the ACS Server.
07-31-2007 03:15 AM
Do you have 2 seperate radius servers ?
why are you implementing authorization for vpn?
~Rohit
07-31-2007 03:25 PM
Just 1 RADIUS server.
I though you need authorisation to push out various settnigs like NAC, IPAddressing, DNS Server addresses etc.
Whenever I just have authentication, I can vpn in fine, however no settings come across from the ACS server?
07-31-2007 04:37 PM
Well in that case you do not have to specify Authorization.
Passing attributes can be taken care of by ACS with authentication.
configuration in link can give you some idea:
http://cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml
~Rohit
07-31-2007 07:04 PM
Thanks for that.. I have setup just authentication and have successfully pushed out various settings, and downloadable ACLs. All worked fine.
Thanks again.
I had trouble with replying to your post, which is why you see 3 blank posts below :)
08-01-2007 11:28 AM
do rate helpful posts so that others can benefit from it
07-31-2007 07:05 PM
07-31-2007 07:05 PM
07-31-2007 07:05 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: