I have IPSEC VPN clients terminating on the outside interface of a PIX 515 with a crypto map defined (crypto map mymap client auth test) that attempts to authenticate the user using XAUTH to an inside Windows 2000 IAS Radius server.
When I try to connect from a remote VPN 3000 (3.5a) client, I am not prompted for username and password. It's as if the PIX cannot talk to the IAS Radius server.
If I disable the crypto map mymap client auth, the VPN connection is established without problems.
On the PIX, the log constantly shows "ISAKMP (0): retransmitting phase 2..."
As a note, the inside interface of the PIX must talk to a Cisco 2621 in order to get to the true inside network. The Cisco 2621 has no access lists defined. The IAS Radius server exists behind the Cisco 2621.
Here is the actual setup:
IAS Radius Server ----- Cisco 2621 ---- Cisco PIX 515 --- Another Cisco 2621
I had this working without either Cisco 2621 in place. Now I'm not sure what's going on.