05-31-2003 02:04 PM - edited 02-20-2020 10:46 PM
I am running a Pix 515E ver 6.22 and PDM 2.1. Presently I am using Radius authentication for PDM access and SSH/Telnet, and also Radius for VPN clients Cisco 3.6. The problem I am experiencing is that when my Windows 2000 DC/GC, which is also the Radius Server, is rebooted, the Pix automatically starts denying all connections, and I have to reboot the Pix in order for it to start allowing connections/traffic to flow. I had assumed that even though the Radius Server was not available to the Pix, it would still keep working, just not allow PDM or SSH access. Has anyone come across this before?
Thanks,
John
05-31-2003 02:08 PM
Are you using [aaa authentication] for anything besides enable|console|http?
05-31-2003 02:12 PM
I am using AAA for SSH, HTTP/HTTPS and Radius for VPN clients.
06-01-2003 07:05 AM
Can you provide the output of your [aaa] statements?
05-31-2003 10:10 PM
Hi,
When MS IAS is down, what doesn't work? Is it the pass-thru traffic or the VPN traffic not working? Are you running any authentication for pass-thru traffic as well? What does it show in the syslog when this problem occurs?
Please elaborate this more so that we can assist you. Thanks,
Mynul
06-01-2003 07:48 AM
When my Server, which is also my syslog server (could that be it?), is rebooted, the logging stops and no entries show up until it restarts. However, looking on the PDM, which remains accessible, the PDM log shows Pix Denying Connections until after it is rebooted.
Here is what my AAA shows:
sh aaa
aaa authentication http console RADIUS
aaa authentication ssh console RADIUS
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host Server ****** timeout 5
aaa-server LOCAL protocol local
aaa authentication http console RADIUS
aaa authentication ssh console RADIUS
http server enable
Thanks again for your help,
John