iPhone fails to authenticate within ACS.

Unanswered Question
Jan 28th, 2009

Hi There!


I have created a VPN group (PIX v8.0(3)) for the corporate iPhones. They work fine if the authentication is LOCAL, but if I request them to authenticate within ACS, it fails. What should I do?

j.conceicao Thu, 01/29/2009 - 04:48

So far it is.

Yes, I have added the PIX in the ACS. I have about 300 L2L dynamic connections, 3 PIX-to-PIX/ASA, and about 150 remote-access connections.


Here is the set pointing to ACS:

aaa-server PIX protocol radius
aaa-server PIX (Corp) host 10.0.30.3
 timeout 5
 key auditor
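
Added example (not from this thread, and not Cisco or ACS code): what the "key auditor" line above is actually used for on the wire, and why a mismatched shared secret shows up as "authentication fails" rather than as a wrong-password reject. The script builds the RFC 2865 Access-Request a PIX would send to ACS at 10.0.30.3, lets a simulated ACS decode it with its own copy of the secret, and then performs the Response Authenticator check the PIX must do on the reply. The username, password and the NAS-IP-Address 10.0.30.1 are constructed test data, not values from the thread.

```python
"""
RADIUS shared-secret mechanics, as used between the PIX (client) and ACS (server).

The secret never travels on the wire. It is mixed into MD5 in two places:
  1. User-Password in the Access-Request is XOR-obfuscated with
     MD5(secret + RequestAuthenticator), chained per 16-byte block (RFC 2865 s.5.2);
  2. the reply carries ResponseAuthenticator =
     MD5(Code + ID + Length + RequestAuthenticator + Attributes + secret) (RFC 2865 s.3),
     which the client MUST verify and otherwise silently discard.
With mismatched secrets the PIX therefore never accepts a reply, waits out its
configured timeout (5 s in the thread) and treats the server as failed.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4

# Constructed test data (assumptions for the example, not from the thread).
ACS_STORED_PASSWORD = b"s3cret!"
PIX_INSIDE_IP = "10.0.30.1"


def _attr(atype: int, value: bytes) -> bytes:
    """Encode one Type/Length/Value attribute."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(packet: bytes) -> dict:
    """Split the attribute area (after the 20-byte header) into {type: value}."""
    attrs, pos = {}, 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Client side: pad to 16-byte blocks, XOR each block with a chained MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block            # next block is keyed on this ciphertext block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side of hide_password (XOR is symmetric; chain on the received ciphertext)."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         nas_ip: str, req_auth: bytes = b"") -> bytes:
    """The packet the PIX sends: header, 16-byte random Request Authenticator, attributes."""
    req_auth = req_auth or os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, user)
             + _attr(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
             + _attr(ATTR_NAS_IP, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """The ACS reply: Response Authenticator binds it to the request and to the secret."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client-side check. False means: discard the reply as if nothing had arrived."""
    if response[1] != request[1]:
        return False
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)


def simulate(pix_secret: bytes, acs_secret: bytes, typed_password: bytes) -> str:
    """One exchange; returns what the PIX concludes: ACCEPT, REJECT or DISCARD."""
    req = build_access_request(7, b"jdoe", typed_password, pix_secret, PIX_INSIDE_IP)
    # ACS decodes the password with *its* copy of the secret; a mismatch yields garbage.
    seen = reveal_password(parse_attrs(req)[ATTR_USER_PASSWORD], acs_secret, req[4:20])
    code = ACCESS_ACCEPT if seen == ACS_STORED_PASSWORD else ACCESS_REJECT
    resp = build_response(code, req, acs_secret)
    if not verify_response(resp, req, pix_secret):
        return "DISCARD"        # bad Response Authenticator: PIX times out, marks server failed
    return "ACCEPT" if resp[0] == ACCESS_ACCEPT else "REJECT"
```

On the PIX itself the equivalent check is `test aaa-server authentication PIX host 10.0.30.3 username <user> password <password>` together with `debug radius`; a secret mismatch shows up as no usable reply and the server being marked failed, while a wrong password shows up as a clean Access-Reject, and the ACS "Failed Attempts" report says which it was. Two caveats a practitioner would add: the shared secret has been posted here in clear text and should be changed, and RADIUS only MD5-mixes that secret, so it deserves the same care as the pre-shared key that was redacted further down.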


j.conceicao Thu, 01/29/2009 - 07:35

This group has access via remote VPN and via iPhone.


Here is my configuration:


object-group network Painel
 network-object 172.30.23.0 255.255.255.0
!
access-list Outside_cryptomap extended permit ip any object-group Painel
access-list Corp_NAT_0_out extended permit tcp host 10.0.30.102 object-group Painel eq 7778
access-list Corp_NAT_0_out extended permit tcp host 10.0.30.109 object-group Painel eq www
access-list Corp_NAT_0_out extended permit tcp host 10.0.30.169 object-group Painel eq 8080
access-list Corp_NAT_0_out extended permit tcp host 10.0.30.191 object-group Painel eq 8080
access-list Corp_NAT_0_out extended permit tcp host 10.0.30.235 object-group Painel eq www
access-list Corp_NAT_0_out extended permit tcp host 10.0.30.253 object-group Painel eq www
!
access-list Painel_SplittunnelAcl standard permit host 10.0.30.102
access-list Painel_SplittunnelAcl standard permit host 10.0.30.109
access-list Painel_SplittunnelAcl standard permit host 10.0.30.169
access-list Painel_SplittunnelAcl standard permit host 10.0.30.191
access-list Painel_SplittunnelAcl standard permit host 10.0.30.235
access-list Painel_SplittunnelAcl standard permit host 10.0.30.253
!
ip local pool PainelACCESS 172.30.23.1-172.30.23.254 mask 255.255.255.0
!
group-policy Painel internal
group-policy Painel attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Painel_SplittunnelAcl
!
tunnel-group Painel type ipsec-ra
tunnel-group Painel general-attributes
 address-pool PainelACCESS
 authentication-server-group PIX
 authorization-server-group PIX
 accounting-server-group PIX
 default-group-policy Painel
tunnel-group Painel ipsec-attributes
 pre-shared-key *

