Need help in IOS VPN Server with XAuth

r.docuyanan
Level 1

I have this set-up:

LAN---ROUTER---WWW

I have a new router and tested the IOS VPN server with VPN Client 4.0. With the settings below I was able to establish a VPN connection using the local database:

aaa authentication login USERAUTHEN local
aaa authorization network GROUPAUTHOR local

But with the following settings

aaa authentication login USERAUTHEN group radius
aaa authorization network GROUPAUTHOR local

I was not able to establish a VPN connection.

The RADIUS server is working fine, since my PIX is also using XAUTH and was able to connect.

I already added the 2600 to my Win2k03 IAS server as a new client with key cisco.

I still cannot connect, please help.

!
username cisco privilege 15 password 0 cisco
!
aaa new-model
!
aaa authentication login USERAUTHEN local
aaa authorization network GROUPAUTHOR local
aaa session-id common
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN_GROUP
 key cisco123
 dns 210.80.X.210
 wins 192.168.1.254
 pool IP_POOL
!
crypto ipsec transform-set MY_SET esp-3des esp-sha-hmac
!
crypto dynamic-map DYN_MAP 10
 set transform-set MY_SET
!
crypto map CLIENT_MAP client authentication list USERAUTHEN
crypto map CLIENT_MAP isakmp authorization list GROUPAUTHOR
crypto map CLIENT_MAP client configuration address respond
crypto map CLIENT_MAP 10 ipsec-isakmp dynamic DYN_MAP
!
interface FastEthernet0/0
 ip address 192.168.1.100 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.47.100 255.255.255.0
 duplex auto
 speed auto
 crypto map CLIENT_MAP
!
ip local pool IP_POOL 192.168.3.1 192.168.3.100
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip http server
ip http authentication local
ip http secure-server
!
radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key cisco
!

3 Replies

ehirsel
Level 6

What IP address did you use when adding the VPN router to the RADIUS server? If you used a hostname instead, what IP address does the hostname resolve to? I noted that the RADIUS server resides off of the 192.168.1.0/24 network, so it could be that the router is using the fa0/0 IP address, but the Win IAS server is expecting another.

I would look there first. If the address is defined correctly, then double check the keys, and then turn on aaa debugging on the 2600 to see what messages appear during the x-auth for vpn users.

Let me know what you find.
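As an added illustration of the two checks in this reply (it is not configuration from the original post or from ehirsel), here is the RADIUS-backed variant of the poster's AAA lines with the RADIUS source address pinned and the debug commands spelled out. The addresses, list names and shared key are the ones in the posted config; the choice of FastEthernet0/0 as source interface and the trailing `local` fallback are my assumptions, and the `<user> <password>` placeholders stand for a real account on the IAS server.

```text
! --- as posted (works): XAuth users come from the router's local database
aaa authentication login USERAUTHEN local
aaa authorization network GROUPAUTHOR local

! --- RADIUS-backed XAuth with the checks from the reply made explicit
aaa new-model
! "local" at the end is an assumed fallback for when the RADIUS server is
! unreachable; a wrong shared key produces a reject or a silently dropped
! request, which does NOT fall back to local. Drop "local" if you want
! RADIUS to be the only source of truth.
aaa authentication login USERAUTHEN group radius local
aaa authorization network GROUPAUTHOR local
!
! 192.168.1.254 sits on the FastEthernet0/0 subnet, so by default the router
! sources RADIUS requests from 192.168.1.100. Pinning the source interface
! makes it unambiguous which address the IAS client entry must carry
! (registering 10.0.47.100 on fa0/1 would make IAS ignore the requests).
ip radius source-interface FastEthernet0/0
radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key cisco
!
! Checks, run from privileged EXEC rather than config mode:
! test aaa group radius <user> <password> legacy
!     - exercises the client entry and shared key without a VPN client;
!       a key or client-address mismatch shows up here as a failure
! debug aaa authentication
! debug radius
! debug crypto isakmp
!     - "debug radius" shows whether a reply arrives at all (no reply points
!       at the client address or key; an Access-Reject points at the user)
```

Pairing the router-side debugs with the IAS event log on the Windows side tells you which half is at fault: a request that never appears in the IAS log was dropped as coming from an unknown client, while a logged rejection names the policy or credential that failed.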

Hi,

It's so puzzling, I just rebooted the router and it worked. IOS is sometimes crazy.

Best regards,

RJ

What model of router and what version of code are you running?

I am glad to see that it is working now, but I found it odd that a reboot fixed the issue.