I and my associates have configured a Windows 2003 server with IAS to authenticate wireless users according to the entries in AD. The AD is on the same server, the authentication works fine when our router request an authentication for a remote-VPN login but the problem is the wireless part. We are using a Cisco Aironet 1200 AP and Cisco Wireless adapters with Cisco ADU(in our laptops), they have connectivity with the server and we are assured that the server is recieving the RADIUS-requests, but it's not sending any packets back to the AP. We have little or no experience with certificates, but we are using PEAP-MS-CHAPv2, as suggested in many guides and our settings seems to be correct.
I have attached the AP-config and the "debug radius authentication"-output. Any ideas of whats causing the trouble? We have been guessing that the IAS expects specific radius attributes which the AP is NOT sending or perhaps that the IAS can't interpret the ones that ARE sent, thus not even bothering to reply to the AP.
The issue has been solved. The solution was to use correct certificates. We are more than a little annoyed that the debug and errorlogs didn't show any sign to the certificate installment beeing erronous. The lesson learned from this is; if you encounter "unsupported attributes" in your radius debug, you might want to check on how you assign certificates to your hosts.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...