Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX IPsec Xauth to W2K IAS Radius Server

Has anyone had any luck getting this working? I followed the guidelines at http://www.cisco.com/warp/public/110/pixcryaaa52.html

but when I am prompted for the radius user/pass it fails. I checked the event logs and there's 2 entries... one that says successfully granted access, and then another at the same time saying that the username or password is wrong. I tried just using Radius authentication without IPSec, and it works. Anyone know what may be the problem?

5 REPLIES
New Member

Re: PIX IPsec Xauth to W2K IAS Radius Server

It’s possible the PIX already cached the unsuccessful attempt. Try clearing the uauth table in the PIX and trying again.

New Member

Re: PIX IPsec Xauth to W2K IAS Radius Server

We have cleared the uauth table. We are trying to use the vpn 3000 2.5 client. Has anyone used this client with extended authorization to a 2000/radius server?

New Member

Re: PIX IPsec Xauth to W2K IAS Radius Server

The only issue I ran into was that you need to set IAS to allow unencrypted passwords.

New Member

Re: PIX IPsec Xauth to W2K IAS Radius Server

How do you give user and password. The only way it works is giving the domain/user and the password. Withouth the domain the authentication fails

New Member

Re: PIX IPsec Xauth to W2K IAS Radius Server

You shouldn't have to use the DOMAIN\user syntax using xauth to IAS. Just create a rule like users with remote dial-in enabled are allowed.

162
Views
0
Helpful
5
Replies
CreatePlease login to create content