Cisco Support Community

Help PIX and freeradius

Hi,

I have a problem with my configuration. Can someone help?

I have a FreeRADIUS server, a PIX and a VPN client, and I installed the RADIUS server to authenticate the VPN users. I tested the authentication from the PIX to the RADIUS server OK, but when a VPN user tries to authenticate, after doing a tcpdump on the RADIUS server I can see the request coming from the PIX but the request cannot go back to the PIX. Can someone help?

NB: I can authenticate the SSH connection but not the VPN.

Thanks

-------------

carrel

---------------------- part of the configuration concerning my problem -------------

aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.1.40
 retry-interval 2
 timeout 2
 key vpn
 authentication-port 1812
 accounting-port 1813
!
aaa authentication ssh console RADIUS
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map vpn 20 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic vpn
crypto map outside_map interface outside
crypto map outside_map client authentication RADIUS
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
ip local pool staffpool 10.33.11.1-10.33.11.254
vpngroup groupstaff address-pool staffpool
vpngroup groupstaff password **********

----------------------------------

The log is attached.
