Unanswered Question
Dec 4th, 2007

I set up a 2811 for a client vpn connection that authenticates against a Microsoft IAS server using Active Directory credentials. It was working fine up until recently.

The server was a 2003 Standard server on SP1. Immediately after upgrading to SP2, RADIUS authentication quit working. I verified that the versions of IAS b/w SP1 and SP2 indeed changed. NO CONFIGURATION CHANGES were made on either the router or the IAS service. When I attempt to login using RADIUS, the IAS service logs a successful attempt, but the client will timeout, as if it is no longer receiving a response from the IAS server.

Has anyone run into anything like this since SP2 came out? Everything is set up according to the Cisco ASA 7.X/IAS Server config guide.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Tue, 12/04/2007 - 19:57

verify that your server is indeed sending the reply packet for radius access/accept.

install ethereal or network monitor on it to do so, and then filter out for the radius traffic.

if that comes back as good, run deb ip packet (w/ an acl) on the ios vpn router and see if it's receiving the radius packet.

check the normal windows stuff, including IAS settings. delete/recreate the NAS and policy settings.


This Discussion