I am running a Pix 515E ver 6.22 and PDM 2.1. Presently I am using Radius authentication for PDM access and SSH/Telnet. Also Radius for VPN clients Cisco 3.6. The problem I am experiencing is that when my Windows 2000 DC/GC, which is also the Radius Server, is rebooted, the Pix automatically starts denying all connections and I have to reboot the Pix in order for it to start allowing connections/traffic to flow. I had assumed that even though the Radius Server was not available to the Pix, it would still keep working, just not allow PDM or SSH access. Has anyone come across this before?
When MS IAS is down, what doesn't work? Is it the pass-thru traffic or the VPN traffic that is not working? Are you running any authentication for pass-thru traffic as well? What does it show in the syslog when this problem occurs?
Please elaborate on this more so that we can assist you. Thanks,
When my Server is rebooted, which is also my syslog server (could that be it?), the logging stops and no entries show up until it restarts. However, looking on the PDM, which remains accessible, the PDM log shows Pix Denying Connections until after it is rebooted.
Here is what my AAA shows:
aaa authentication http console RADIUS
aaa authentication ssh console RADIUS
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host Server ****** timeout 5