05-15-2003 07:04 AM - edited 02-21-2020 12:32 PM
I have a PIX set up as a VPN server for remote access users. I have it configured for the Cisco Client and for Microsoft using PPTP/MSCHAP. I have security set to authenticate via RADIUS. RADIUS works for the Microsoft client and authenticates fine. Using the Cisco client, the client establishes the connection with the PIX, and then the pop-up window asking for the credentials to pass to RADIUS is displayed. It fails authentication every time. Any ideas?
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface inside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup group1 address-pool sapool
vpngroup group1 dns-server 192.168.1.70
vpngroup group1 wins-server 192.168.1.5
vpngroup group1 idle-time 1800
vpngroup group1 password ********
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.7 123 timeout 10
05-16-2003 04:44 AM
I have the same problem. I authenticate fine to the PIX, yet my authentication to IAS fails. Configs are very similar.
05-16-2003 01:23 PM
You have to enable "dial in" in your domain server for the users you want to give access.
Active Directory -> USER -> Dial-in -> Allow Access
Hope it helps.
JM
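A read-only way to check the Dial-in setting described in the reply above for several accounts at once, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is available; the account names and the `Get-DialInState` helper are constructed for illustration.

```powershell
# Added example: report the AD "Dial-in" permission for a list of VPN users.
# Read-only: it queries the directory and changes nothing.
Import-Module ActiveDirectory

# Constructed placeholder sAMAccountNames, not values from the thread.
$vpnUsers = @('jdoe', 'asmith')

function Get-DialInState {
    param([Parameter(Mandatory)][string]$SamAccountName)

    try {
        $user = Get-ADUser -Identity $SamAccountName -Properties msNPAllowDialin
    } catch {
        # Get-ADUser -Identity throws when the account does not exist.
        return [pscustomobject]@{
            User = $SamAccountName; Enabled = $null; DialIn = 'Account not found'
        }
    }

    # msNPAllowDialin is the attribute behind the Dial-in tab:
    #   TRUE  -> Allow access
    #   FALSE -> Deny access
    #   unset -> access is decided by the RADIUS server's remote access policy
    $value = $user.msNPAllowDialin
    if ($value -eq $true) {
        $state = 'Allow access'
    } elseif ($value -eq $false) {
        $state = 'Deny access'
    } else {
        $state = 'Not set (controlled by remote access policy)'
    }

    [pscustomobject]@{
        User    = $user.SamAccountName
        Enabled = $user.Enabled
        DialIn  = $state
    }
}

$vpnUsers | ForEach-Object { Get-DialInState -SamAccountName $_ } |
    Format-Table -AutoSize
```

An account that shows "Deny access" is rejected by the RADIUS server even when the password is correct, which matches the symptom of the VPN client prompting for credentials and then failing.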