Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3005 and radius

I am having problems getting raduis win2k to work with the 3005. I set the authentication server and was able to get authentication successfull, but when I set an Exteranl group I am getting erros. If I look in the event log its trying to authenticate the group name and not the user on the other side. So I created a user account and entered that as the group. I was able to authenticate to the raduis but the 3005 would not let me get past. We are using raduis on all of our cisco equipment, as5300's, routers, etc and nerver had a problem. Has some one experienced this before or is there a work around beside Internal groups that we would have to manage?



Cisco Employee

Re: 3005 and radius

If you just want to authenticate the users of this group to the Radius server, leave the Group set to Internal, go under the IPSec tab and set Authentication to Radius.

Setting the group to External means you want to configure the entire group parameters on the Radius server (you'll notice the configuration tabs disappear from the VPN3000 GUI). A Win2K Radius server doesn't have the ability to set all the different attributes for the group which is why it's failing.

Setting it to External works with a ACS server cause it has all the definable attributes, but even then not many people use it (I don't see any point in it personally). In general the wording on the screen just confuses people and they do what you've done.

CreatePlease login to create content