Re: Help PIX and freeradius

cyakpovi · ‎05-31-2006

HI

I have a problem with my configuration. can someone help.

I have a freeradius, pix and vpn client and i install the radius to authenticate the vpn users. i tested the authentication from the pix to the radius OK but if I want the vpn user to authenticate, after doing tcpdump on the radius server I can see the request coming from the pix but the request cannot go back to the pix. can someone help.

NB: I can authenticate the ssh connection but not the vpn.

thanks

-------------

carrel

---------------------- part of the configuration concerning my pb -------------

aaa-server RADIUS protocol radius

aaa-server RADIUS host 192.168.1.40

retry-interval 2

timeout 2

key vpn

authentication-port 1812

accounting-port 1813

!

aaa authentication ssh console RADIUS

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto dynamic-map vpn 20 set transform-set ESP-AES-256-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic vpn

crypto map outside_map interface outside

crypto map outside_map client authentication RADIUS

isakmp enable outside

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption aes-256

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

ip local pool staffpool 10.33.11.1-10.33.11.254

vpngroup groupstaff address-pool staffpool

vpngroup groupstaff password **********

----------------------------------

the log is attached

,

Report Inappropriate Content · ‎06-06-2006

Try:

upgraded to 6.3.4

Upgrading Software for the Cisco Secure PIX Firewall and PIX Device Manager:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml