Solved: AAA authentication : Not configured - Page 2

Thomas Grassi · ‎01-19-2012

I have cisco 851 using ccp to configure EASY VPN

I click on TEST VPN SERVER then click start the status shows successfull

when I tried to connect a client I get mm_no_state

When I reviewed the report from the test I found

AAA authentication : Not configured

My AAA

aaa new-model

!

aaa authentication login tgcsusers local

aaa authorization network tgcsvpn local

!

aaa session-id common

I also attached my config

Any ideas or thoughts?

Need to get my client working.....

Thomas R Grassi Jr

rizwanr74 · ‎01-20-2012

once you login to vpn from outside via the internet, you can open a RDP session to login into domain controller.

I assume, you provided domain username and password and vpn authenction successfully went thought via MS Radius Server, right?

I do not get it, why you need vpn access from inside?

Thomas Grassi · ‎01-21-2012

can you try again? the userid and password I sent you is a valid domain user id now

see if you can get logged onto the domain

screen shots would be great

RDP is that remote desktop?

Wanted inside vpn access only for testing. If I use my laptop on my wireless would that work?

I will be here for about 3 more hours

Thanks

Tom

Thomas R Grassi Jr

rizwanr74 · ‎01-21-2012

your vpn is setup for login from internet, once you have vpin in, you will complete access to your inside network.

As you could see, that I was able to ping your inside hosts, as if my computer is physcially connected to your inside network.

I am connected now at this very moment to your network.

at 11:37AM EST Jan 21 2012.

rizwanr74 · ‎01-21-2012

your DC name is: TGCS002

I was being prompt for login cridential, when RDP.

Thomas Grassi · ‎01-21-2012

great thanks

Could you show me a screen shot of the RDP I would like to see what it looks like

I found the log file on the server INxxxxx.log

But only one entry in the file

Any way to see who connects and how often?

I setup up the log file on the IAS sever and checked all options

Tom

Thomas R Grassi Jr

rizwanr74 · ‎01-21-2012

a RDP session is looks exactly like you are console into a Windows box in front of a monitor.

You can see the log on the router to see who is being authenticated by issuing this "show log"

To start RDP console, issue this command on Run menu on Windows: mstsc

Good luck to with your Windows stuffs.

Take Care

Thanks

Rizwan Rafeek

Thomas Grassi · ‎01-22-2012

Thanks for all your help

I did a show log

MyRouter#show log
Syslog logging: enabled (1 messages dropped, 2 messages rate-limited,
                1 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 3286 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 2754 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level warnings, 14 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level informational, 113 message lines logged

Log Buffer (51200 bytes):

*Mar 1 00:00:08.411: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:08:29.803: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:08:30.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to up
*Mar 1 00:08:30.983: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to up
*Mar 1 00:08:30.987: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up
*Mar 1 00:08:30.991: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
Jan 12 18:28:50.233: %RADIUS-4-SERVREF: Warning: Server 192.168.69.15:1645,1646
is still referenced by server group.
Jan 14 19:05:00.613: %RADIUS-4-SERVREF: Warning: Server 192.168.69.15:1812,1812
is still referenced by server group.
Jan 17 00:25:39.553: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.69.15:1812,181
2 is not responding.
Jan 17 00:25:39.553: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.69.15:1812,18
12 has returned.
Jan 17 03:14:57.268: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.69.15:1812,181
2 is not responding.
Jan 17 03:14:57.268: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.69.15:1812,18
12 has returned.
Jan 17 03:22:53.841: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.69.15:1812,181
2 is not responding.
Jan 17 03:22:53.841: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.69.15:1812,18
12 has returned.
MyRouter#

But I do not see any vpn client info I see radius info

How can i tell how many clients accessed my vpn etc

Tom
MyRouter#
MyRouter#

Thomas R Grassi Jr

rizwanr74 · ‎01-23-2012

I believe, it will show with below command.

show crypto isakmp sa

Thomas Grassi · ‎01-24-2012

Thanks I know about that command

Show crypto isaakmp sa will only show you active connections

I am looking for a way to see the history of who was connected and when

the INxxxx.log file on the server running IAS has nly one entry in it after I get some more testing done maybe it will have what I am looking for

Thomas R Grassi Jr

rizwanr74 · ‎01-24-2012

I guess, that information pertains to Windows box, please do little research you may be able to find proper log entry on Windows box, who login information.

Please rate any help post on this thread.

Thanks

Rizwan Rafeek