https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395274#M553697 <HTML><HEAD></HEAD><BODY><P>Dave,</P><P></P><P>Are you trying to authenticate PDM access and/or SSH access via RADIUS.</P><P></P><P>Your PDM config looks fine to me. What ports does your RADIUS server listen on, if its not 1645 and 1646 then you need to tell the PIX to use different ports</P><P></P><P>e.g. "aaa-server radius-authport 1812" and "aaa-server radius-acctport 1813".</P><P></P><P>Also i would check that you are using the correct key (7140) on both your PIX and RADIUS server.</P><P></P><P>If you are trying to authenticate SSH via RADIUS then your configuration is set to authenticate SSH locally.</P><P></P><P>You need to change this to</P><P></P><P>aaa authentication ssh console RADIUS</P><P></P><P>Thanks</P><P>PD</P></BODY></HTML> Fri, 17 Dec 2004 20:11:10 GMT paddyxdoyle 2004-12-17T20:11:10Z https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395273#M553695 <P>I have configured my PIX to use our radius server for authentication, but it still only uses the local access for authentication. Can some one have a look at my config?</P><P></P><P>pdm location 10.254.254.5 255.255.255.255 inside</P><P>route inside 10.254.254.5 255.255.255.0 10.1.1.102 1</P><P>aaa-server RADIUS protocol radius </P><P>aaa-server RADIUS max-failed-attempts 3 </P><P>aaa-server RADIUS deadtime 10 </P><P>aaa-server RADIUS (inside) host 10.254.254.5 7140 timeout 10</P><P>aaa-server LOCAL protocol local </P><P>aaa authentication http console RADIUS</P><P>aaa authentication ssh console LOCAL</P><P></P><P>Dave</P> Fri, 21 Feb 2020 07:48:52 GMT https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395273#M553695 vanagon2tdi 2020-02-21T07:48:52Z https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395274#M553697 <HTML><HEAD></HEAD><BODY><P>Dave,</P><P></P><P>Are you trying to authenticate PDM access and/or SSH access via RADIUS.</P><P></P><P>Your PDM config looks fine to me. What ports does your RADIUS server listen on, if its not 1645 and 1646 then you need to tell the PIX to use different ports</P><P></P><P>e.g. "aaa-server radius-authport 1812" and "aaa-server radius-acctport 1813".</P><P></P><P>Also i would check that you are using the correct key (7140) on both your PIX and RADIUS server.</P><P></P><P>If you are trying to authenticate SSH via RADIUS then your configuration is set to authenticate SSH locally.</P><P></P><P>You need to change this to</P><P></P><P>aaa authentication ssh console RADIUS</P><P></P><P>Thanks</P><P>PD</P></BODY></HTML> Fri, 17 Dec 2004 20:11:10 GMT https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395274#M553697 paddyxdoyle 2004-12-17T20:11:10Z https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395275#M553700 <HTML><HEAD></HEAD><BODY><P>I believe you also need a "aaa new-server" command at the top.</P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Sat, 18 Dec 2004 04:13:13 GMT https://community.cisco.com/t5/network-security/pix-not-using-radius/m-p/395275#M553700 scottmac 2004-12-18T04:13:13Z