
RADIUS authentication for VPN users

whiteford
Level 1

I'm trying to authenticate users on our VPN concentrator to use our Windows 2003 IAS RADIUS server but am having no luck.

If I go to Configuration > system > servers > authentication and test my Active Directory account it fails.

I am sure I have configured my IAS RADIUS server correctly, can anyone guide or help via this post or email?

Let me know what info you need posted and I'll get straight back to you, I'm sure this can be done?

4 Replies

r.docuyanan
Level 1

Hi Whiteford, are you using ASDM? Somewhere, somehow the authentication will fail if you are using the Test button key. Make sure you add the domain with the username when you are testing:

username@domain

password

Give it a try, or

DOMAIN\user

password

Still no luck, the test button still fails. Is there a tool I can test RADIUS with? ASDM? I only use that for a PIX, not a concentrator.

What info can I give you, or can you give me?

I just want to allow a certain Active Directory security group VPN access via IAS RADIUS.

Hope you can help

I use 2003 AD/IAS for both ASA SSL and PIX IPSec VPN Client remote access but I haven't tried VPN Concentrator.

One setting to remember when creating an account in 2003 AD: in the Dial-In tab under Remote Access Dial-in [or VPN], select "Allow Access"; by default this is "Deny Access".

j.vonk
Level 1

Here's how I set it up (PIX and ASA):

Windows 2003 Ent. IAS

Radius Clients:

Address: Internal IP Address

Protocol: RADIUS

Type: RADIUS Standard

Request must contain ... attribute: disabled

Shared Secret: examplekey

Remote Access Policies:

Name: VPN Device

Conditions: (all AND)

Day-and-Time-Restrictions matches: full week

Windows-Groups-Matches:

NAS-IP-Address matches:

PIX/ASA:

AAA Server Groups:

Server Group RADIUS:

Server Name:

Interface Name: Inside

Timeout: 5 sec's

Server Authentication Port: 1645

Server accounting port: 1646

Retry Interval: 10 sec's

Server Secret Key: examplekey

common password:

ACL Netmask Convert: Standard

Then when I select the RADIUS server and click Test > Authentication, I can successfully authenticate accounts which are members of the AD group specified for

For diverse reasons I use 2 IAS servers on our network, but you have to keep them in sync manually.

Kind regards, hope it helps
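
On the question above about a tool to test RADIUS with: the following Python example is added here and is not part of any post in this thread, nor Cisco or Microsoft code. It builds the PAP Access-Request a VPN device would send (User-Name, hidden User-Password, NAS-IP-Address), sends it to port 1645 as in the setup above, and verifies the reply's Response Authenticator with the shared secret. It assumes the machine running it is registered as a RADIUS client in IAS and that the remote access policy permits PAP; the function names and sample addresses are hypothetical.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    blocks = max(1, -(-len(password) // 16))          # pad to a multiple of 16
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(code: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", code, len(value) + 2) + value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)   # Request Authenticator
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Classify a reply after verifying its Response Authenticator."""
    if len(reply) < 20:
        return "malformed"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        return "malformed"
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad-authenticator"                    # shared secrets differ, or forged reply
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "other")

# Constructed usage: try_login("192.0.2.1", "user@domain", "password", b"examplekey", "192.0.2.10")
def try_login(server, user, password, secret, nas_ip, port=1645, timeout=5):
    """Send one PAP Access-Request over UDP and classify the answer."""
    request = build_access_request(user, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (server, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"   # unreachable, wrong port, or sender not a configured RADIUS client
    return check_reply(reply, request, secret)
```

A "reject" whose authenticator verifies means the server accepted this client and shared secret, so the remaining suspects are the credentials, the policy conditions (Windows group, NAS-IP-Address) and the account's Dial-in permission. A "bad-authenticator" result points at the shared secret instead.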
