I am having problems getting raduis win2k to work with the 3005. I set the authentication server and was able to get authentication successfull, but when I set an Exteranl group I am getting erros. If I look in the event log its trying to authenticate the group name and not the user on the other side. So I created a user account and entered that as the group. I was able to authenticate to the raduis but the 3005 would not let me get past. We are using raduis on all of our cisco equipment, as5300's, routers, etc and nerver had a problem. Has some one experienced this before or is there a work around beside Internal groups that we would have to manage?
If you just want to authenticate the users of this group to the Radius server, leave the Group set to Internal, go under the IPSec tab and set Authentication to Radius.
Setting the group to External means you want to configure the entire group parameters on the Radius server (you'll notice the configuration tabs disappear from the VPN3000 GUI). A Win2K Radius server doesn't have the ability to set all the different attributes for the group which is why it's failing.
Setting it to External works with a ACS server cause it has all the definable attributes, but even then not many people use it (I don't see any point in it personally). In general the wording on the screen just confuses people and they do what you've done.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :