Using a 3825 router to set up incoming VPN connection using the Cisco VPN client. I would like group auth to be done on the router, and user auth using radius, in this case an IAS server.
The problem is that the router is sending groupauth to the IAS server, which of course denies it. So, communication between the router and IAS server is fine, it's just what is being sent.
Our group name is remote, and it sends domain\remote as the username to the IAS server. Key exchange needs to be handled by the router, and then when the user enters their domain user/pass, it's sent to the IAS server.
Below is the relvant config. I feel like I am close, but am missing something obvious. Thanks in advance for taking a look and/or referring me to relevant config references.
aaa group server radius VPNAccess
server 188.8.131.52 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authorization network groupauthor group VPNAccess
crypto isakmp policy 10
crypto isakmp client configuration group remote
dns 184.108.40.206 220.127.116.11
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto dynamic-map dyna 10
set transform-set strong
crypto map MYMAP isakmp authorization list groupauthor
crypto map MYMAP client configuration address respond
crypto map MYMAP 10 ipsec-isakmp dynamic dyna