Re: Pix 7.0 with radius and vpn client

jnelen · ‎10-10-2007

Hello,

I want to authenticate vpn client with radius, it's working with pix 6.3 but with a pix 7.0, I have some difficulties :

if I test my radius connection with "test aaa-server authentication partnerauth"

It's working ...

INFO: Attempting Authentication test to IP address <*.*.*.*> (timeout: 12 seconds)

INFO: Authentication Successful

But with a vpn client, I have Remote peer has failed user authentication - check configured username and password

Any idea ?

Jagdeep Gambhir · ‎10-10-2007

When VPN clients fails , do you see any hits on Radius server ? Please try increasing radius timeout and see if that makes any difference.

Regards,

~JG

jnelen · ‎10-11-2007

Yes, I see it.

The authentication by radius server is accepted and granted with the test command but not with the vpn client.

The request to the radius server are different and I don't why ...

The test command

rad_recv: Access-Request packet from host *.*.*.*:1025, id=98, length=91

User-Name = "test"

User-Password = "*****"

NAS-IP-Address = *.*.*.*

NAS-Port-Type = Virtual

Cisco-AVPair = "ip:source-ip=000.000.000.000"

The vpn client

rad_recv: Access-Request packet from host *.*.*.*:1025, id=99, length=155

User-Name = "test"

User-Password = "******"

NAS-Port = 7

Service-Type = Framed-User

Framed-Protocol = PPP

Called-Station-Id = "*.*.*.*"

Calling-Station-Id = "*.*.*.*"

Tunnel-Client-Endpoint:0 = "*.*.*.*"

NAS-IP-Address = *.*.*.*

NAS-Port-Type = Virtual

Cisco-AVPair = "ip:source-ip=*.*.*.*"