I've got a pix501 running 6.3 software and a Windows Server 2003 running Active Directory and IAS for my RADIUS service. I've configured many Windows 2000/Pix RADIUS setups in the past and have had no real problems, yet I have yet to be able to get a working Server2003/Pix setup working. Is there something fundamentally different between IAS 2000 and IAS 2003? Here is my pix config:
I know the VPN works because I can switch the auth to LOCAL and VPN in fine with local users. This is the same pix code/setup I've used on IAS 2000 servers and it has always worked fine. Can anyone provide any help with this? Thanks
I am not sure if this is related but I've run into an issue recently where I had a VPN solution working through an ASA 5510 w/RADIUS using an IAS 2003 server. The box IAS was running on was 2003 server SP1. As soon as the customer upgraded to SP2, the integration stopped working. From looking at the logs, the IAS service seems to be fine; it is logging successful authentications. However, the client software just times out after the user submits their Active Directory username and password.
I've got a TAC case open, and I hope to get some answers today.