05-31-2006 12:26 AM - edited 03-10-2019 02:36 PM
Hi,
I have a problem with my configuration. Can someone help?
I have FreeRADIUS, a PIX and a VPN client, and I installed the RADIUS server to authenticate the VPN users. I tested the authentication from the PIX to the RADIUS server OK, but when I want the VPN user to authenticate, after doing a tcpdump on the RADIUS server I can see the request coming from the PIX but the request cannot go back to the PIX. Can someone help?
NB: I can authenticate the SSH connection but not the VPN.
Thanks
-------------
carrel
---------------------- part of the configuration concerning my problem -------------
aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.1.40
retry-interval 2
timeout 2
key vpn
authentication-port 1812
accounting-port 1813
!
aaa authentication ssh console RADIUS
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map vpn 20 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic vpn
crypto map outside_map interface outside
crypto map outside_map client authentication RADIUS
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
ip local pool staffpool 10.33.11.1-10.33.11.254
vpngroup groupstaff address-pool staffpool
vpngroup groupstaff password **********
----------------------------------
The log is attached.
06-06-2006 05:41 AM
Try:
Upgrade to 6.3.4
Upgrading Software for the Cisco Secure PIX Firewall and PIX Device Manager:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml