
Want to enable aaa-server authentication using radius for a VPN connection.

sguerrero
Level 1

I am using VPN client version 2, and it works fine, except that the VPN client connects directly to the network and I need an extra authentication. I already enabled a Radius server on one internal server and enabled aaa-server Radius protocol radius

aaa-server Radius (inside) host ip-address-of-server using-radius secretkey timeout 10,

but it is not working; the client connects the same way and no traffic is required from the PIX to the Radius server.

What else do I have to configure in the client, PIX and server in order to work with Radius and authenticate before accessing the network?

Thanks,

2 Replies

gfullage
Cisco Employee

You have to map the crypto functions within the PIX to the Radius server, just defining the Radius server isn't enough. Add the command:

> crypto map client authentication Radius

and you should be good to go. See http://www.cisco.com/warp/public/110/cvpn3k_pix_ias.html for an example.

Thanks for the information. Actually, I had already applied this line. Authentication is performed in a non-regular way, because sometimes I am able to authenticate and some others, I am not asked for the ID and password configured in the Radius server. So the service is not working 100%. What other suggestion do you have? I saw some documentation where it says that we have to apply a kind of access list. Do I have to apply it?

The syntax was:

aaa authentication include tcp/0 outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

Thanks again.