I am setting up a 2801 router for Cisco clients to connect to and working on getting it to work with IAS server. I've been looking at lots of configuration examples and see that I can do isakmp authorization to Radius but can't get it to work. I have crypto map xxyy client authentication working to Radius but crypto map xxyy isakmp authorization isn't working - I can only get connections by setting it to local. I've read a bunch of different guides on aaa but I'm not sure what the benefit of the authorization part is. It almost seems like this is backward ex: the shared key authenticates and then if your username is valid and set to accept dial-in in Active Directory then you are "authorized" - what am I missing? and what is being "authorized" if there are no local users on the router but it is doing isakmp authorization to a local list?
Thanks to anyone who can give me some insight on this!