04-24-2009 03:40 AM
I have configured a Router to use RADIUS (MS IAS) for console and telnet logins. I also want the VPN users connecting to that router to be authenticated with the RADIUS server. I have configured the router; however, I am not able to get the VPN client connected to the Router (EzVPN server).
The configuration of the Router is below:
Router#sh run
Building configuration...
Current configuration : 1585 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius AUTH
server 172.16.1.243 auth-port 1645 acct-port 1646
!
aaa authentication login AUTH group radius
aaa authorization exec default group radius
aaa authorization network AUTH group radius
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
!
!
ip address-pool dhcp-pool
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group AAA
key vpnuser
dns 10.0.1.13 10.0.1.14
domain cisco.com
pool Remote-Pool
save-password
!
!
crypto ipsec transform-set VPNTRANSFORM esp-3des esp-sha-hmac
!
crypto dynamic-map Dynamic-Map 10
set transform-set VPNTRANSFORM
reverse-route
!
!
crypto map ClientMap client authentication list AUTH
crypto map ClientMap isakmp authorization list AUTH
crypto map ClientMap client configuration address respond
crypto map ClientMap 65535 ipsec-isakmp dynamic Dynamic-Map
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.241 255.255.255.0
duplex auto
speed auto
crypto map ClientMap
!
ip local pool Remote-Pool 10.0.1.100 10.0.1.150
ip http server
no ip http secure-server
!
!
!
ip radius source-interface FastEthernet0/0
!
!
radius-server host 172.16.1.243 auth-port 1645 acct-port 1646 key xxxxxx
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login authentication AUTH
!
!
end
When I dial using the Cisco Easy VPN Client I get a debug error of:
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 172.16.1.242 was not encrypted and it should've been.
I have searched on Google and thought that the problem would have been with the Group ID and Password.
In my case the Group ID is AAA and the password is vpnuser.
But still I can't VPN into the router.
I think it is a problem associated with AAA because in books I have read and seen configurations of EzVPN using the local database, and here I am authenticating them with IAS. But it should work fine as I am able to telnet into the router using my Active Directory/IAS account, i.e. Administrator@radius.net
Please help
04-24-2009 09:34 AM
Change this line:
aaa authorization network AUTH group radius
to be
aaa authorization network AUTH local
12-14-2010 09:08 AM
I was working on this with no success and you helped me a lot... thanks for your help