I able to VPN authentication via 2851 local but fail when switch to w2k3 IAS. I referred the URL but no luck to figure out.
1. 2851 router configuration
aaa authentication login user_auth group radius local
aaa authorization network group_auth group radius local
ip domain name family.com
username cisco privilege 15 password 7 030752180500
username lab privilege 15 password 7 12150415
crypto isakmp policy 1
crypto isakmp client configuration group vpnfamily
crypto ipsec transform-set trans_family esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set trans_family
crypto map clientmap client authentication list user_auth
crypto map clientmap isakmp authorization list group_auth
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
radius-server host 10.10.10.222 auth-port 1645 acct-port 1646 key 7 03550958525A
2. w2k3 IAS event log
User vpnfamily was denied access.
Fully-Qualified-User-Name = INFRA\vpnfamily
NAS-IP-Address = 10.10.10.1
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 18.104.22.168
Client-Friendly-Name = vpn client
Client-IP-Address = 10.10.10.1
NAS-Port-Type = Virtual
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
I configured IAS "Radius clinets" and "Remote access policies with NAS IP address" properly. what other should I configured in IAS?
As per event log denied the user "vpnfamily" which is VPN group name in 2851 router. I configured this in w2k3 AD but no luck - got same event log
Looks the referred URL's IAS box is not AD server since it using local user but mine is same box the IAS and AD. Do I need different box the IAS from AD?
How to resolve the user deny issue?