Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 7.0 with radius and vpn client

Hello,

I want to authenticate vpn client with radius, it's working with pix 6.3 but with a pix 7.0, I have some difficulties :

if I test my radius connection with "test aaa-server authentication partnerauth"

It's working ...

INFO: Attempting Authentication test to IP address <*.*.*.*> (timeout: 12 seconds)

INFO: Authentication Successful

But with a vpn client, I have Remote peer has failed user authentication - check configured username and password

Any idea ?

2 REPLIES

Re: Pix 7.0 with radius and vpn client

When VPN clients fails , do you see any hits on Radius server ? Please try increasing radius timeout and see if that makes any difference.

Regards,

~JG

New Member

Re: Pix 7.0 with radius and vpn client

Yes, I see it.

The authentication by radius server is accepted and granted with the test command but not with the vpn client.

The request to the radius server are different and I don't why ...

The test command

rad_recv: Access-Request packet from host *.*.*.*:1025, id=98, length=91

User-Name = "test"

User-Password = "*****"

NAS-IP-Address = *.*.*.*

NAS-Port-Type = Virtual

Cisco-AVPair = "ip:source-ip=000.000.000.000"

The vpn client

rad_recv: Access-Request packet from host *.*.*.*:1025, id=99, length=155

User-Name = "test"

User-Password = "******"

NAS-Port = 7

Service-Type = Framed-User

Framed-Protocol = PPP

Called-Station-Id = "*.*.*.*"

Calling-Station-Id = "*.*.*.*"

Tunnel-Client-Endpoint:0 = "*.*.*.*"

NAS-IP-Address = *.*.*.*

NAS-Port-Type = Virtual

Cisco-AVPair = "ip:source-ip=*.*.*.*"

151
Views
0
Helpful
2
Replies