05-28-2004 02:25 AM - edited 02-21-2020 01:11 PM
I have this set-up
LAN---ROUTER---WWW
I have a new router and tested the IOS VPN server with VPN Client 4.0.
With the settings below I was able to establish a
VPN connection using the local database:
aaa authentication login USERAUTHEN local
aaa authorization network GROUPAUTHOR local
But setting the following:
aaa authentication login USERAUTHEN group radius
aaa authorization network GROUPAUTHOR local
I was not able to establish a VPN connection.
The RADIUS is working fine, since my PIX is also using XAUTH and was able to connect.
I already added the client in my win2k03 IAS server 2600 as a new client with key cisco.
I still cannot connect. Please help.
!
username cisco privilege 15 password 0 cisco
aaa new-model
!
!
aaa authentication login USERAUTHEN local
aaa authorization network GROUPAUTHOR local
aaa session-id common
ip subnet-zero
!
!
!
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN_GROUP
 key cisco123
 dns 210.80.X.210
 wins 192.168.1.254
 pool IP_POOL
!
!
crypto ipsec transform-set MY_SET esp-3des esp-sha-hmac
!
crypto dynamic-map DYN_MAP 10
 set transform-set MY_SET
!
!
crypto map CLIENT_MAP client authentication list USERAUTHEN
crypto map CLIENT_MAP isakmp authorization list GROUPAUTHOR
crypto map CLIENT_MAP client configuration address respond
crypto map CLIENT_MAP 10 ipsec-isakmp dynamic DYN_MAP
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.100 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.47.100 255.255.255.0
 duplex auto
 speed auto
 crypto map CLIENT_MAP
!
ip local pool IP_POOL 192.168.3.1 192.168.3.100
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key cisco
!
====================
05-28-2004 06:37 AM
What IP address did you use when adding the VPN router to the RADIUS server? If you used a hostname instead, what IP address does the hostname resolve to? I noted that the RADIUS server resides off of the 192.168.1.0/24 network, so it could be that the router is using the fa0/0 IP address, but the win isa server is expecting another.
I would look there first. If the address is defined correctly, then double-check the keys, and then turn on AAA debugging on the 2600 to see what messages appear during the x-auth for VPN users.
Let me know what you find.
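The two checks suggested in the reply above (client address, then shared key), as an added example that is not part of the original thread or of IAS: a simplified model of how a RADIUS server per RFC 2865 treats an Access-Request, first looking up the shared secret by the packet's source address and then using it to recover the User-Password. The interface addresses and the keys `cisco` and `cisco123` are taken from the posted config; the function names, the user `vpnuser`, its password and the fixed request authenticator are constructed for illustration.

```python
import hashlib

def _pad_key(secret, prev):
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous block)
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """What the NAS (the router) places in the User-Password attribute."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], _pad_key(secret, prev)))
        out, prev = out + block, block
    return out

def recover_password(hidden, secret, authenticator):
    """Server side: undo the hiding with the secret stored for that client."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _pad_key(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def server_decision(clients, users, src_ip, username, hidden, authenticator):
    secret = clients.get(src_ip)       # client entry is keyed by source address
    if secret is None:
        return "silently discarded"    # unknown client: the server sends no reply
    if users.get(username) == recover_password(hidden, secret, authenticator):
        return "Access-Accept"
    return "Access-Reject"             # wrong secret turns the password into garbage

CLIENTS = {"192.168.1.100": b"cisco"}            # router registered by its fa0/0 address
USERS = {"vpnuser": b"Constructed-Pass-1234"}    # constructed test account
AUTH = bytes(range(16))                          # constructed request authenticator

def demo():
    pw = USERS["vpnuser"]
    good = hide_password(pw, b"cisco", AUTH)
    bad = hide_password(pw, b"cisco123", AUTH)   # router configured with a different key
    return {
        "fa0/0 source, matching key": server_decision(CLIENTS, USERS, "192.168.1.100", "vpnuser", good, AUTH),
        "fa0/1 source, matching key": server_decision(CLIENTS, USERS, "10.0.47.100", "vpnuser", good, AUTH),
        "fa0/0 source, wrong key": server_decision(CLIENTS, USERS, "192.168.1.100", "vpnuser", bad, AUTH),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```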
05-30-2004 07:08 PM
Hi,
It's so puzzling, I just rebooted the router and it worked. IOS is sometimes crazy.
Best regards,
RJ
06-01-2004 04:31 AM
What model of router and what version of code are you running?
I am glad to see that it is working now, but I found it odd that a reboot fixed the issue.