Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC VPN auth fails if RADIUS server not first in list

Base group IPSEC tab has authentication set to "Internal." RemoteAccess group IPSEC tab has authentication set to "RADIUS with Expiry." WebVPN group IPSEC tab has authentication set to "Internal."

Configuration/System/Servers/Authentication has two entries: RADIUS server first, internal second. I need internal to be first because I have my WebVPN users configured on the internal database. However, if RADIUS server is not first, RemoteAccess group users fail to authenticate.

I tried configuring the RADIUS server on the Authentication servers button for the RemoteAccess group in Configuration/User Management/Groups, but get the same result.

Basically, my question is: how can I authenticate IPSEC remote access VPN users with RADIUS and WebVPN users with internal database?

Thank you,

Joshua

1 REPLY

Re: IPSEC VPN auth fails if RADIUS server not first in list

I don't think the behavior you have described is correct, "However, if RADIUS server is not first, RemoteAccess group users fail to authenticate. ". If all configurations are correct the remote users should land in the RemoteAccess which has authentication set to Radius. Whatever is set in the global default parameters (internal db) should not affect it.

However the converse is not true for webvpn, for webvpn the default method has to be correct and topmost, as mentioned here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008055641a.shtml#webfail

If possble run debugs for RA users too find out the exact problem. As seen on this link, Cisco does not even change the default method:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800c3917.shtml

Regards

Farrukh

111
Views
0
Helpful
1
Replies