New Member

Windows 2003 IAS -> RADIUS query

I have a primary Win 2k3 AD and an additional Win 2k3 AD which I'm using as RADIUS servers for my PIX-515E VPN clients. In the list of RADIUS servers in the PIX I have already defined both of them, but I find that if one of these servers is down, the AAA request doesn't get forwarded to the other server and hence my VPN authentication fails. Both servers are otherwise functioning perfectly as RADIUS servers. Can someone help me out with this? Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Windows 2003 IAS -> RADIUS query

Have you checked the Windows Event Viewer (System) for the IAS entries for the failed VPN attempts? Why do you have LOCAL defined as an authentication group? If one RADIUS server fails, is the PIX trying to LOCAL-ly authenticate the users? Take out the LOCAL at the end of your crypto map statement and see what happens.

6 REPLIES

Re: Windows 2003 IAS -> RADIUS query

Can you post the part of your config that has to do with the RADIUS server?

Patrick

New Member

Re: Windows 2003 IAS -> RADIUS query

aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host AMDomainController2 timeout 5
aaa-server RADIUS (inside) host AMDomainController1 timeout 5
..............
crypto map outside_map client authentication RADIUS LOCAL


New Member

Re: Windows 2003 IAS -> RADIUS query

I cannot check the Event Viewer for IAS failed attempts, as a failed attempt only happens if the server is down. Anyway, I'll try to remove the LOCAL option and see if it works. Thanks for your suggestions.

Gold

Re: Windows 2003 IAS -> RADIUS query

But you have two Windows servers acting as RADIUS servers. Check the event viewer on the one that doesn't go down.

New Member

Re: Windows 2003 IAS -> RADIUS query

I checked the logs, but no AAA requests were received if one was down. Anyway, removing that LOCAL option solves the problem. Thanks once again.
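
An added example, not part of any post in this thread and not Cisco's code: a small Python check that reads `aaa-server` and `crypto map ... client authentication` lines in the form posted above, lists each group's servers in configuration order, and reports when LOCAL is listed after a server group, the option whose removal the original poster reports solved the problem. The function name `audit_aaa` and the wording of the findings are assumptions made for this example.

```python
import re

# Constructed sample: the configuration lines posted in the thread
# (the part the poster elided is left out).
SAMPLE_CONFIG = """\
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host AMDomainController2 timeout 5
aaa-server RADIUS (inside) host AMDomainController1 timeout 5
crypto map outside_map client authentication RADIUS LOCAL
"""

HOST_RE = re.compile(r"aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)(?:.*?\stimeout\s+(\d+))?")
SETTING_RE = re.compile(r"aaa-server\s+(\S+)\s+(protocol|max-failed-attempts|deadtime)\s+(\S+)")
AUTH_RE = re.compile(r"crypto map\s+(\S+)\s+client authentication\s+(.+)")


def audit_aaa(config):
    """Parse aaa-server and crypto map lines; return (groups, findings)."""
    groups, auth_lists, findings = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := HOST_RE.match(line):
            group = groups.setdefault(m[1], {"hosts": [], "settings": {}})
            # Hosts are kept in the order they appear in the configuration.
            group["hosts"].append((m[3], m[2], int(m[4]) if m[4] else None))
        elif m := SETTING_RE.match(line):
            group = groups.setdefault(m[1], {"hosts": [], "settings": {}})
            group["settings"][m[2]] = m[3]
        elif m := AUTH_RE.match(line):
            auth_lists[m[1]] = m[2].split()
    for crypto_map, methods in auth_lists.items():
        for pos, method in enumerate(methods):
            if method == "LOCAL":
                if pos > 0:
                    findings.append(f"{crypto_map}: LOCAL listed after {methods[pos - 1]}")
            elif method not in groups:
                findings.append(f"{crypto_map}: server group {method} is not defined")
            elif len(groups[method]["hosts"]) < 2:
                findings.append(f"{crypto_map}: group {method} has no second server")
    return groups, findings


if __name__ == "__main__":
    groups, findings = audit_aaa(SAMPLE_CONFIG)
    for name, group in groups.items():
        print(name, group["settings"], [h[0] for h in group["hosts"]])
    print("\n".join(findings) or "no findings")
```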
