Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Not able to configure Radius authentication

Hello,

I configured 1800 router for radius authentication for remote users but when connecting from remote client it is not connecting. I Used ccp to configure as this router initialy configurred with ccp so don't want to break anything else as there are two site to site vpns are connected.

there are two VPN groups

InterkabVPN is with local database (this is working ok)

InterkabRemote with radius (not working)

Please see the attached config file

8 REPLIES

Not able to configure Radius authentication

Hello Hasrat,

Please remove the configuration file attached to the case, it includes sensitive information about your Router.

What if you run an AAA test to the RADIUS server?

Example:

# test aaa group radius server 192.168.1.3 username password legacy

HTH.

- Javier

Hall of Fame Super Gold

Not able to configure Radius authentication

When I have configured routers to use Radius for authentication part of the configuration was a shared secret key. I do not see any configuration of a key shared with the Radius server in your config.

HTH

Rick

Not able to configure Radius authentication

Hasrat is certainly using the old syntax, but the command is there:

radius-server host 192.168.1.3 auth-port 1645 acct-port 1646 key 7 02470A4F581424016E78191741

Configuring Router to RADIUS Server Communication

- Javier

Hall of Fame Super Gold

Re: Not able to configure Radius authentication

I am not clear what is going on with that config file. But this is what was in the copy of the file at the point where I accessed it

!
aaa group server radius radiusserver
server 192.168.1.3 auth-port 1645 acct-port 1646
!

HTH

Rick

[edit] feeling slightly embarassed having looked harder and realizing that there are two different sections of the config where he configures the Radius server. There is the one early in the config which has no key and the one near the bottom which does have the key. Sorry for the confusion.

Not able to configure Radius authentication

Not a problem, that happens!

New Member

Not able to configure Radius authentication

thanks for your input guys I will get these things checked

New Member

Not able to configure Radius authentication

When I do debug crypto isakmp aaa

i got following output

*Mar  6 12:17:44.120: ISAKMP AAA: NAS Port Id is set to x.x.x.x

*Mar  6 12:17:44.120: ISAKMP:(0):AAA: Nas Port ID set to x.x.x.x.

*Mar  6 12:17:44.120: ISAKMP/aaa: unique id = 240

*Mar  6 12:17:44.152: ISAKMP:(0):ISAKMP/tunnel: setting up tunnel InterkabRemote pw request

*Mar  6 12:17:44.152: ISAKMP:(0):ISAKMP/tunnel: Tunnel InterkabRemote PW Request successfully sent to AAA

*Mar  6 12:17:44.224: ISAKMP:(0):ISAKMP/tunnel: received callback from AAA

*Mar  6 12:17:44.224: ISAKMP/tunnel: AAA lookup failed, random PSK chosen

*Mar  6 12:17:44.324: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from x.x.x.x was not encrypted and it should've been.

*Mar  6 12:17:44.328: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from x.x.x.x was not encrypted and it should've been.

Hall of Fame Super Gold

Not able to configure Radius authentication

I wonder about this line of output

ISAKMP/tunnel: AAA lookup failed, random PSK chosen

Would you post the output of show radius?

HTH

Rick

172
Views
0
Helpful
8
Replies
CreatePlease to create content