AAA authentication using RADIUS

z-ahmed
Level 1

Hiya,

I have an issue with a PIX 515E using RADIUS authentication. What I am trying to achieve is to authenticate all users on the inside network when accessing any network on the outside. This firewall is not connected to the internet and is only being used for authentication, as our remote site is a shared office space.

I am defining the traffic that needs to be authenticated using the include/exclude commands. What appears to be happening is that the request is sent to the RADIUS server but no replies are being received. The RADIUS server is also receiving multiple authentication requests in the logs on the ACE server. Also, the tcp/0 under the "aaa authentication" statement, if removed, then I get no authentication at all even though I have specified HTTP to be authenticated.

I have attached the config as I have it set up in the lab. Any suggestions would be appreciated.

1 Reply

aghaznavi
Level 5

RADIUS and TACACS+ authentication can be done for FTP, Telnet, and HTTP connections through the Cisco Secure PIX Firewall. Authentication for other less common protocols is usually made to work. TACACS+ authorization is supported. RADIUS authorization is not supported. Changes in PIX 5.2 authentication, authorization, and accounting (AAA) over the earlier version include AAA access list support to control who is authenticated and what resources the user accesses. In PIX 5.3 and later, the authentication, authorization, and accounting (AAA) change over earlier versions of code is that the RADIUS ports are configurable.

http://www.cisco.com/en/US/tech/tk59/tsd_technology_support_troubleshooting_technotes_list.html
