Allowing PEAP - MSCHAPv2 traffic through PIX

Unanswered Question
Sep 23rd, 2007
User Badges:

Hi friends,

There is a PIX that segments the wireless network from the wired network and does routing between them as well.

Now, i have created an open access list allowing access to everything.

The Access point (wireless network) talks to the Radius / AD server viz. (PEAP MSCHAPv2) for AD authentication.

Authentication fails in such a setup. But if i put the AP in the same segment as radius server, i am able to get authenticated successfully.

The issue is only when NAS (Access point) and MS IAS Radius server are in separate subnets.

Authentication works perfectly fine if they are in the same subnet.

Access lists / Static statements are all given appropriately.

Anyone with ideas on how to resolve this?

Should i make PIX also a AAA client to the radius server?

Thanks a lot


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion