We currently have a 3725 router that controls our remote dialup service. It is only used by a few remote users that do not have internet access. They currently authenticate via radius against our AD.
Is there a way on the router to look at all incoming calls that were made?
Also, is there a way to generate a syslog event for each dialup user that connects in?
Any help would be appreciated.
If you use Radius for authentication it can be wise to use its accounting too, so you can see who connected to the router through PPP and when. Furthermore, you can also log the amount of traffic generated by the particular user.
Hope it helps,
Add the following:
aaa accounting network default start-stop group radius
aaa accounting resource default start-stop group radius
Hope it helps, rate if it does
You say you are using a 3725 router for remote dialup service. Please can you confirm what radius server you are using, as I am interested in setting this up for my users.
We want to use RSA ACE server then get users to login to AD to access internal resources.
Any configuration help would be good.
I have configured routers to support remote dialup service and to authenticate users with RSA tokens. Part of the difficulty in this is that there is not a protocol that works for authentication directly from the Cisco router to the RSA ACE server. What I have done is to configure the Cisco router to do aaa authentication with either Radius or TACACS and to have the Radius or TACACS server then send the authentication request to RSA ACE. I have done it with both Radius and with TACACS and they both work fine.
I can get the authentication part to work no problem from a Cisco router to the RSA ACE server.
Once I type in my AD username/passcode (pin+tokencode) I get authenticated by ACE, but then the client dialup window showing username/password just sits there... the router then drops the async connection.
I did however note that I get no PPP communication between client and the router, which does concern me...
I can show you my configuration just to compare what you have got to work. Maybe the only way to get this to work is to use another server in between router and ACE.
When you say that authentication works no problem, does that mean that you see logs on the RSA ACE server that show the authentication request and show that it was authenticated? Can you confirm successful authentication with the output of debug aaa authentication?
And do I understand correctly that you have this working correctly directly from the router to the RSA ACE server? I would be interested in seeing how you got this to work.
So posting your config might be helpful in seeing how you got the authentication to work and in seeing why the PPP communication is not successful.
Yes, the user can successfully be authenticated to the ACE server...
See below debug aaa authentication:
017497: Dec 21 14:08:54.188: RADIUS/ENCODE: Best Local IP-Address 10.160.144.11 for Radius-Server 10.160.75.160
017498: Dec 21 14:08:54.188: RADIUS(000000C0): Send Access-Request to 10.160.75.160:1645 id 1645/82, len 100
017499: Dec 21 14:08:54.188: RADIUS: authenticator 33 61 55 2A 29 59 46 3D - 02 DF 28 D3 37 B0 B0 AA
017500: Dec 21 14:08:54.188: RADIUS: User-Name  9 "bhattii"
017501: Dec 21 14:08:54.188: RADIUS: User-Password  18 *
017502: Dec 21 14:08:54.188: RADIUS: NAS-Port  6 66
017503: Dec 21 14:08:54.188: RADIUS: NAS-Port-Id  8 "tty1/0"
017504: Dec 21 14:08:54.188: RADIUS: NAS-Port-Type  6 Async 
017505: Dec 21 14:08:54.188: RADIUS: Calling-Station-Id  7 "async"
017506: Dec 21 14:08:54.188: RADIUS: Connect-Info  20 "33600 V34/V44/LAPM"
017507: Dec 21 14:08:54.188: RADIUS: NAS-IP-Address  6 10.160.144.11
017508: Dec 21 14:09:04.208: RADIUS: Received from id 1645/82 10.160.75.160:1645, Access-Accept, len 50
017509: Dec 21 14:09:04.208: RADIUS: authenticator AC C7 DC A2 AB F1 69 AD - 69 BE 4B 7F 9F 3C A4 8C
017510: Dec 21 14:09:04.208: RADIUS: Reply-Message  21
017511: Dec 21 14:09:04.208: RADIUS: 50 41 53 53 43 4F 44 45 20 41 63 63 65 70 74 65 [PASSCODE Accepte]
017512: Dec 21 14:09:04.208: RADIUS: 64 0D 0A [d??]
017513: Dec 21 14:09:04.208: RADIUS: User-Name  9 "bhattii"
017514: Dec 21 14:09:04.208: RADIUS(000000C0): Received from id 1645/82
The debug output does show successful authentication using the Radius protocol.
If the PPP session does not establish perhaps you can post the appropriate parts of the config?
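Added example (not part of the thread and not Cisco tooling): a Python parser that turns RADIUS debug output in the format posted above into one audit record per dial-in attempt, pairing each Access-Request with its reply by the `id` field so that accepts, rejects and unanswered requests can each be logged. The first exchange is taken from the post; the reject and no-reply exchanges, the user names `jdoe` and `asmith`, and the function name `login_events` are constructed for illustration.

```python
import re

# First exchange: lines from the debug output posted in the thread.
# Second and third exchanges are constructed (jdoe/asmith are made up).
SAMPLE = """\
017498: Dec 21 14:08:54.188: RADIUS(000000C0): Send Access-Request to 10.160.75.160:1645 id 1645/82, len 100
017500: Dec 21 14:08:54.188: RADIUS: User-Name  9 "bhattii"
017503: Dec 21 14:08:54.188: RADIUS: NAS-Port-Id  8 "tty1/0"
017506: Dec 21 14:08:54.188: RADIUS: Connect-Info  20 "33600 V34/V44/LAPM"
017508: Dec 21 14:09:04.208: RADIUS: Received from id 1645/82 10.160.75.160:1645, Access-Accept, len 50
017513: Dec 21 14:09:04.208: RADIUS: User-Name  9 "bhattii"
017520: Dec 21 14:15:10.100: RADIUS(000000C1): Send Access-Request to 10.160.75.160:1645 id 1645/83, len 98
017521: Dec 21 14:15:10.100: RADIUS: User-Name  6 "jdoe"
017522: Dec 21 14:15:10.100: RADIUS: NAS-Port-Id  8 "tty1/1"
017523: Dec 21 14:15:12.300: RADIUS: Received from id 1645/83 10.160.75.160:1645, Access-Reject, len 20
017530: Dec 21 14:20:00.000: RADIUS(000000C2): Send Access-Request to 10.160.75.160:1645 id 1645/84, len 99
017531: Dec 21 14:20:00.000: RADIUS: User-Name  8 "asmith"
"""

LINE = re.compile(r'^\d+: (\w{3} +\d+ [\d:.]+): RADIUS(?:\(\w+\))?: (.*)$')
SEND = re.compile(r'Send Access-Request to ([\d.]+):\d+ id (\d+/\d+)')
RECV = re.compile(r'Received from id (\d+/\d+) [\d.]+:\d+, (Access-\w+)')
ATTR = re.compile(r'^([\w-]+)\s+\d+\s+"([^"]*)"')
WANTED = {"User-Name": "user", "NAS-Port-Id": "port", "Connect-Info": "connect"}

def login_events(text):
    # Returns (completed exchanges, requests that never got a reply).
    pending, current, events = {}, None, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a RADIUS attribute/packet line
        ts, body = m.groups()
        if (s := SEND.search(body)):
            current = {"sent": ts, "server": s.group(1)}
            pending[s.group(2)] = current
        elif (r := RECV.search(body)):
            req = pending.pop(r.group(1), None)
            current = None  # attributes after this belong to the reply
            if req is not None:
                events.append({**req, "answered": ts, "result": r.group(2)})
        elif current is not None and (a := ATTR.match(body)):
            if a.group(1) in WANTED:
                current[WANTED[a.group(1)]] = a.group(2)
    return events, list(pending.values())

if __name__ == "__main__":
    done, unanswered = login_events(SAMPLE)
    print(done, unanswered, sep="\n")
```

Debug output is a troubleshooting aid; for a standing record of who dialed in, the `aaa accounting` start-stop records suggested earlier in the thread are the source to collect.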