Cisco Support Community

New Member

Pix 515 E and Windows Radius Server

I am running a Pix 515E ver 6.22 and PDM 2.1. Presently I am using Radius authentication for PDM access and SSH/Telnet, and also Radius for VPN clients (Cisco 3.6). The problem I am experiencing is that when my Windows 2000 DC/GC, which is also the Radius Server, is rebooted, the Pix automatically starts denying all connections and I have to reboot the Pix in order for it to start allowing connections/traffic to flow. I had assumed that even though the Radius Server was not available to the Pix, it would still keep working and just not allow PDM or SSH access. Has anyone come across this before?

Thanks,

John

5 REPLIES
Silver

Re: Pix 515 E and Windows Radius Server

Are you using [aaa authentication] for anything besides enable|console|http?

New Member

Re: Pix 515 E and Windows Radius Server

I am using AAA for SSH, HTTP/HTTPS and Radius for VPN clients.

Silver

Re: Pix 515 E and Windows Radius Server

Can you provide the output of your [aaa] statements?

Silver

Re: Pix 515 E and Windows Radius Server

Hi,

When MS IAS is down, what doesn't work? Is it the pass-thru traffic or the VPN traffic that is not working? Are you running any authentication for pass-thru traffic as well? What does it show in the syslog when this problem occurs?

Please elaborate on this more so that we can assist you. Thanks,

Mynul

New Member

Re: Pix 515 E and Windows Radius Server

When my Server, which is also my syslog server (could that be it?), is rebooted, the logging stops and no entries show up until it restarts. However, looking at the PDM, which remains accessible, the PDM log shows the Pix denying connections until after it is rebooted.

Here is what my AAA shows:

sh aaa

aaa authentication http console RADIUS

aaa authentication ssh console RADIUS

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server RADIUS (inside) host Server ****** timeout 5

aaa-server LOCAL protocol local

aaa authentication http console RADIUS

aaa authentication ssh console RADIUS

http server enable

Thanks again for your help,

John
