Windows 2003 IAS -> RADIUS query

baudhayan
Level 1

I have a primary Win 2k3 AD and an additional Win 2k3 AD which I'm using as RADIUS server for my PIX-515E VPN clients. In the list of RADIUS servers in the PIX I have already defined both of them, but I find that if one of these servers is down, the AAA request doesn't get forwarded to the other server and hence my VPN authentication fails. Both servers are otherwise functioning perfectly as RADIUS servers. Can someone help me out with this? Thanks in advance.

1 Accepted Solution

Have you checked the Windows Event Viewer (System) for the IAS entries for the failed VPN attempts? Why do you have LOCAL defined as an authentication group? If one Radius server fails, is the PIX trying to LOCAL-ly authenticate the users? Take out the LOCAL at the end of your crypto map statement and see what happens.

6 Replies

Patrick Laidlaw
Level 4

Can you post the part of your config that has to do with the RADIUS server?

Patrick

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server RADIUS (inside) host AMDomainController2 timeout 5

aaa-server RADIUS (inside) host AMDomainController1 timeout 5

..............

crypto map outside_map client authentication RADIUS LOCAL

Have you checked the Windows Event Viewer (System) for the IAS entries for the failed VPN attempts? Why do you have LOCAL defined as an authentication group? If one Radius server fails, is the PIX trying to LOCAL-ly authenticate the users? Take out the LOCAL at the end of your crypto map statement and see what happens.

I cannot check the Event Viewer for IAS failed attempts, as a failed attempt only happens if the server is down. Anyway, I'll try to remove the LOCAL option and see if it works. Thanks for your suggestions.

But you have two Windows servers acting as RADIUS servers. Check the Event Viewer on the one that doesn't go down.

I checked the logs, but no AAA requests were received if one was down. Anyway, removing that LOCAL option solves the problem. Thanks once again.