Cisco Support Community

RADIUS authentication for VPN users

I'm trying to authenticate users on our VPN concentrator to use our Windows 2003 IAS RADIUS server but am having no luck.

If I go to Configuration > system > servers > authentication and test my Active Directory account, it fails.

I am sure I have configured my IAS RADIUS server correctly. Can anyone guide or help via this post or email?

Let me know what info you need posted and I'll get straight back to you. I'm sure this can be done?

4 REPLIES

Re: RADIUS authentication for VPN users

Hi Whiteford, are you using ASDM? Somewhere, somehow, the authentication will fail if you are using the Test button key. Make sure you add the domain with the username when you are testing:

username@domain
password

Give it a try, or:

DOMAIN\user
password


Re: RADIUS authentication for VPN users

Still no luck, the test button still fails. Is there a tool I can test RADIUS with? ASDM? I only use that for a PIX, not a concentrator.

What info can I give you, or can you give me?

I just want to allow a certain Active Directory security group VPN access via ISA RADIUS.

Hope you can help

Re: RADIUS authentication for VPN users

I use 2003 AD/IAS for both ASA SSL and PIX IPSec VPN Client remote access but I haven't tried VPN Concentrator.

One setting to remember when creating an account in 2003 AD: in the Dial-In tab under Remote Access Dial-in [or VPN], select "Allow Access"; by default this is "Deny Access".


Re: RADIUS authentication for VPN users

Here's how I set it up (PIX and ASA):

Windows 2003 Ent. IAS

Radius Clients:
    Address: Internal IP Address
    Protocol: RADIUS
    Type: RADIUS Standard
    Request must contain ... attribute: disabled
    Shared Secret: examplekey

Remote Access Policies:
    Name: VPN Device
    Conditions: (all AND)
        Day-and-Time-Restrictions matches: full week
        Windows-Groups-Matches:
        NAS-IP-Address matches:

PIX/ASA:

AAA Server Groups:
    Server Group RADIUS:
    Server Name:
    Interface Name: Inside
    Timeout: 5 secs
    Server Authentication Port: 1645
    Server accounting port: 1646
    Retry Interval: 10 secs
    Server Secret Key: examplekey
    common password:
    ACL Netmask Convert: Standard

Then when I select the Radius Server and click Test > Authentication, I can successfully authenticate accounts which are members of the AD group specified for

For diverse reasons I use 2 IAS servers on our network, but you have to keep them in sync manually.

Kind regards, hope it helps
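
Added example, not part of the thread and not Cisco or Microsoft code: the shared secret entered on both the IAS RADIUS client entry and the AAA server group is what hides the password and authenticates the reply, so a mismatch between the two makes every test fail. The Python below builds a PAP Access-Request as defined in RFC 2865 and checks a reply's Response Authenticator. It assumes PAP is the method in use; the function names are hypothetical, and `examplekey` is the placeholder from the post above.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4    # RFC 2865 attribute types


def _xor_blocks(data, secret, request_auth, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out


def hide_password(password, secret, request_auth):
    if not 0 < len(password) <= 128:
        raise ValueError("PAP password must be 1..128 bytes")
    return _xor_blocks(password + b"\x00" * (-len(password) % 16), secret, request_auth, True)


def unhide_password(hidden, secret, request_auth):
    """What the RADIUS server computes; a wrong secret yields garbage, hence a reject."""
    return _xor_blocks(hidden, secret, request_auth, False).rstrip(b"\x00")


def build_access_request(user, password, secret, nas_ip, ident, request_auth=None):
    request_auth = request_auth or os.urandom(16)
    values = [(USER_NAME, user.encode()),
              (USER_PASSWORD, hide_password(password.encode(), secret, request_auth)),
              (NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed)]
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in values)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def response_is_authentic(reply, request_auth, secret):
    """Response Authenticator = MD5(code + id + length + RequestAuth + attrs + secret)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

The Request Authenticator is bytes 4 to 20 of the packet returned by `build_access_request`. To test a real server, send that packet over UDP to the authentication port configured above (1645) and pass the reply to `response_is_authentic`.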
