Re: Pix 515 E and Windows Radius Server

jmacdonald · ‎05-31-2003

I am running a Pix 515E ver 6.22 and PDM 2.1. Presently am using Radius authentication for PDM access and SSH/Telnet. Also Radius for VPN clients Cisco 3.6. The problem I am experiencing is when my Windows 2000 DC/GC that is also the Radius Server is rebooted the Pix automatically starts denying all connections and I have to reboot the Pix in order for it to start allowing connections/traffic to flow. I had assumed that even though the Radius Server was not available to the Pix it would still keep working just not allow PDM or SSH access. Has anyone come across this before?

Thanks,

John

shannong · ‎05-31-2003

Are you using [aaa authentication] for anything besides enable|console|http?

jmacdonald · ‎05-31-2003

I am using AAA for SSH,HHTP/HTTPS and Radius for VPN clients.

shannong · ‎06-01-2003

Can you provide the output of your [aaa] statements?

mhoda · ‎05-31-2003

Hi,

When MS IAS is down, what doesn't work? Is it the pass-thru traffic or the vpn traffic not working ? Are you running any authentication for pass-thru traffic as well? What does it show in the syslog when this problem occurs?

Please elaborate this more so that we can assist you. Thanks,

Mynul

jmacdonald · ‎06-01-2003

When my Server is rebooted which is also my syslog server (could that be it?) the logging stops and no entries show up until it restarts. However looking on the PDM which remains accessible the PDM log shows Pix Denying Connections until after it is rebooted.

Here is what my AAA shows;

sh aaa

aaa authentication http console RADIUS

aaa authentication ssh console RADIUS

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server RADIUS (inside) host Server ****** timeout 5

aaa-server LOCAL protocol local

aaa authentication http console RADIUS

aaa authentication ssh console RADIUS

http server enable

Thanks again for your help,

John