02-14-2008 09:01 PM - edited 03-10-2019 03:39 PM
I am setting up a 2801 router for Cisco clients to connect to and working on getting it to work with an IAS server. I've been looking at lots of configuration examples and see that I can do isakmp authorization to RADIUS, but I can't get it to work. I have crypto map xxyy client authentication working to RADIUS, but crypto map xxyy isakmp authorization isn't working - I can only get connections by setting it to local. I've read a bunch of different guides on aaa, but I'm not sure what the benefit of the authorization part is. It almost seems like this is backward, e.g. the shared key authenticates, and then if your username is valid and set to accept dial-in in Active Directory, then you are "authorized" - what am I missing? And what is being "authorized" if there are no local users on the router but it is doing isakmp authorization to a local list?
Thanks to anyone who can give me some insight on this!
02-15-2008 05:49 AM
Dan
I do not believe that I have seen aaa authorization to RADIUS for VPN sessions. I do not see any useful reason to do this.
HTH
Rick
02-15-2008 07:44 AM
Thanks, I did see a configuration guide (Cisco) that was for RADIUS authentication but had a link to an almost identical guide that included authorization as well. I'm going to proceed without the authorization because I think you've validated what I already thought, but I'd love to understand more about what would be possible using authorization as well. The best I've been able to find are some blogs, and I'm not convinced the blog authors are always using the terminology correctly. Thanks again.