I am using a 3825 router to set up an incoming VPN connection using the Cisco VPN client. I would like group auth to be done on the router, and user auth using RADIUS, in this case an IAS server.
The problem is that the router is sending groupauth to the IAS server, which of course denies it. So, communication between the router and IAS server is fine, it's just what is being sent.
Our group name is remote, and it sends domain\remote as the username to the IAS server. Key exchange needs to be handled by the router, and then when the user enters their domain user/pass, it's sent to the IAS server.
Below is the relevant config. I feel like I am close, but am missing something obvious. Thanks in advance for taking a look and/or referring me to relevant config references.
aaa group server radius VPNAccess
 server 188.8.131.52 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authorization network groupauthor group VPNAccess
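
A sketch of the split the post asks for (group lookup on the router, XAUTH user login sent to RADIUS), added here as an example and not part of the original post. The server group, server address and group name `remote` come from the post; the list name `userauthen`, the crypto map name `VPNMAP`, the pool name `VPNPOOL` and the key placeholder are assumptions.

```cisco
aaa new-model
!
aaa group server radius VPNAccess
 server 188.8.131.52 auth-port 1645 acct-port 1646
!
! Device logins stay local, as in the posted config.
aaa authentication login default local
! XAUTH user credentials are sent to the RADIUS (IAS) server group.
! "userauthen" is an assumed list name.
aaa authentication login userauthen group VPNAccess
! Group "remote" and its key are looked up in the router's own config,
! so the group name is not sent to RADIUS as a username.
aaa authorization network groupauthor local
!
crypto isakmp client configuration group remote
 ! Placeholder: substitute the real group pre-shared key.
 key <group-pre-shared-key>
 ! Assumed pool name; it must be defined elsewhere with "ip local pool".
 pool VPNPOOL
!
! Bind both lists to the crypto map that terminates the VPN clients
! ("VPNMAP" is an assumed name).
crypto map VPNMAP client authentication list userauthen
crypto map VPNMAP isakmp authorization list groupauthor
crypto map VPNMAP client configuration address respond
```

With `groupauthor` set to `group VPNAccess`, as in the posted config, the router performs the group lookup against RADIUS, which matches the rejected group-name request seen on the IAS server.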