I have configured remote access VPN (IPsec) on my Cisco ASA. Before, there was only a single username and password for the VPN client. Now I am planning to give access through a RADIUS server. I have configured the RADIUS server on a WIN 2003 server.
1) Administrative Tools > Internet Authentication Service and right-click on RADIUS Client to add a new RADIUS client with the IP address of the Cisco ASA (inside interface).
2) Remote Access Policies, right-click on Connections to Other Access Servers, and select Properties.
3) Check that Grant Remote Access Permissions is selected. Click Edit Profile and check these settings: On the Authentication tab, check Unencrypted authentication (PAP, SPAP), MS-CHAP, and MS-CHAP-v2. On the Encryption tab, ensure that the option for No Encryption is selected. Click OK when you are finished.
4) Select Administrative Tools > Computer Management > System Tools > Local Users and Groups, right-click on Users and select New Users to add a user into the local computer account. Add a user and check this profile information: On the General tab, ensure that the option for Password Never Expired is selected instead of the option for User Must Change Password. On the Dial-in tab, select the option for Allow access.
aaa-server vpn protocol radius
aaa-server vpn host 10.155.20.25 (RADIUS server IP)
tunnel-group vpnacc type ipsec-ra
tunnel-group vpnacc general-attributes
But it is not working. Please guide me to resolve this issue.
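For reference on what the "Unencrypted authentication (PAP)" and "No Encryption" choices in step 3 mean on the wire, here is an added example (not part of the original post) of RFC 2865 Access-Request construction: the PAP password is only XOR-masked with MD5 of the RADIUS shared secret, so the secret entered for the RADIUS client in IAS and the one on the ASA must be identical. The user name, password, secret and NAS address below are constructed values.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    n = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded = password.ljust(n, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does; a wrong secret yields garbage, hence Access-Reject."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    """Code 1 packet with User-Name (1), User-Password (2), NAS-IP-Address (4)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(1, user)
             + attr(2, hide_password(password, secret, authenticator))
             + attr(4, socket.inet_aton(nas_ip)))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs

def response_is_authentic(response, request_authenticator, secret) -> bool:
    """Response Authenticator = MD5(code+id+len + request auth + attrs + secret)."""
    length = struct.unpack("!H", response[2:4])[0]
    expected = hashlib.md5(response[:4] + request_authenticator
                           + response[20:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    # Constructed sample values; 192.0.2.1 stands in for the ASA inside interface.
    pkt = build_access_request(b"vpnuser", b"Passw0rd!", b"shared-secret", "192.0.2.1")
    print(len(pkt), pkt.hex())
```

The user name and NAS address travel in clear text, and the password is protected only by the shared secret, which is why that secret should be long and random.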