Cisco Systems ASA5540 and RADIUS problem

Subject Author Date
ASA5540 and RADIUS problem John Smith 05-30-08
Posted by John Smith on May 30, 2008, 3:42 am
Dear all,

I ran into a problem when trying to use a radius server (on Solaris)
with ASA5540 for authentication (for RA vpn). In the appliance, I can
test it with:
# test aaa-server authentication my-aaa-gp host x.x.x.x username test
password pass
INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12)
INFO: Authentication Successful

With tcpdump, I got this:
15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id
37] Attr[ User Pass NAS_ipaddr [|radius]
15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id
37] Attr[ User Pass NAS_ipaddr [|radius]

Now when I try to make a vpn connection from Vista, the authentication
failed and tcpdump showed this:
15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id
39] Attr[ User NAS_port Service_type Framed_proto
NAS_port_type [|radius]

In ASA5540's log, there was an entry:
AAA authentication server not accessible ...

Can anyone tell me what is going on here? Did I misconfigure something? If
yes, how come the "test aaa-server" works?

Thanks in advance.

Posted by Morph on May 30, 2008, 5:31 am
wrote:

| Dear all,
|
| I ran into a problem when trying to use a radius server (on Solaris)
| with ASA5540 for authentication (for RA vpn). In the appliance, I can
| test it with:
| # test aaa-server authentication my-aaa-gp host x.x.x.x username test
| password pass
| INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12)
| INFO: Authentication Successful
|
| With tcpdump, I got this:
| 15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id
| 37] Attr[ User Pass NAS_ipaddr [|radius]
| 15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id
| 37] Attr[ User Pass NAS_ipaddr [|radius]
|
| Now when I try to make a vpn connection from Vista, the authentication
| failed and tcpdump showed this:
| 15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id
| 39] Attr[ User NAS_port Service_type Framed_proto
| NAS_port_type [|radius]
|
| In ASA5540's log, there was an entry:
| AAA authentication server not accessible ...
|
| Can anyone tell me what is going on here? Did I misconfigure something? If
| yes, how come the "test aaa-server" works?

Did you configure the RADIUS to have the asa as client?

Posted by Its me Earnest T. on May 30, 2008, 8:02 pm
Check the logs on the SUN box. You didn't specify how the Vista client was
connecting, but you need to make sure the correct connection protocols are
allowed on the SUN box, i.e. CHAP, MSCHAP, PAP.


> Dear all,
>
> I ran into a problem when trying to use a radius server (on Solaris) with
> ASA5540 for authentication (for RA vpn). In the appliance, I can test it
> with:
> # test aaa-server authentication my-aaa-gp host x.x.x.x username test
> password pass
> INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12)
> INFO: Authentication Successful
>
> With tcpdump, I got this:
> 15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id 37]
> Attr[ User Pass NAS_ipaddr [|radius]
> 15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id 37]
> Attr[ User Pass NAS_ipaddr [|radius]
>
> Now when I try to make a vpn connection from Vista, the authentication
> failed and tcpdump showed this:
> 15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id 39]
> Attr[ User NAS_port Service_type Framed_proto
> NAS_port_type [|radius]
>
> In ASA5540's log, there was an entry:
> AAA authentication server not accessible ...
>
> Can anyone tell me what is going on here? Did I misconfigure something? If yes,
> how come the "test aaa-server" works?
>
> Thanks in advance.
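
Added example, not part of any post in this thread and not Cisco or RADIUS server code: the "[|radius]" marker in the tcpdump lines means the capture was cut off before the attribute that carries the credential, so the authentication protocol (PAP, CHAP, MS-CHAP) cannot be read from it. This Python code walks the attributes of a complete Access-Request and names the protocol. The function names are hypothetical, the packets are constructed samples, and the MS-CHAPv2 content of the VPN sample is an assumption made for illustration.

```python
import struct

# Attribute numbers from RFC 2865/2869; Microsoft vendor sub-types from RFC 2548.
ATTRS = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password", 4: "NAS-IP-Address",
         5: "NAS-Port", 6: "Service-Type", 7: "Framed-Protocol",
         26: "Vendor-Specific", 61: "NAS-Port-Type", 79: "EAP-Message"}
MS_VENDOR = 311
MS_ATTRS = {1: "MS-CHAP-Response", 11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}
# Checked in order: the first attribute present decides the protocol.
METHODS = [("EAP-Message", "EAP"), ("MS-CHAP2-Response", "MS-CHAPv2"),
           ("MS-CHAP-Response", "MS-CHAP"), ("CHAP-Password", "CHAP"),
           ("User-Password", "PAP")]

def attribute_names(packet):
    """List the attributes of a complete RADIUS Access-Request, in wire order."""
    if len(packet) < 20 or packet[0] != 1:
        raise ValueError("not an Access-Request with a full 20-byte header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("capture is shorter than the packet (raise the snaplen)")
    names, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        name = ATTRS.get(atype, "Attr-%d" % atype)
        if atype == 26 and len(value) >= 5 and struct.unpack("!I", value[:4])[0] == MS_VENDOR:
            name = MS_ATTRS.get(value[4], name)  # byte 4 is the vendor sub-type
        names.append(name)
        pos += alen
    return names

def auth_method(packet):
    names = attribute_names(packet)
    return next((m for attr, m in METHODS if attr in names), "none offered")

def build_request(*attrs):  # helper for the samples: attrs are (type, value) pairs
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 37, 20 + len(body)) + bytes(16) + body

# Constructed packets with zeroed secrets, not the poster's traffic.
TEST_AAA = build_request((1, b"test"), (2, bytes(16)), (4, bytes([192, 0, 2, 1])))
VPN_LOGIN = build_request(
    (1, b"test"), (5, bytes(4)), (6, bytes([0, 0, 0, 2])), (7, bytes([0, 0, 0, 1])),
    (61, bytes([0, 0, 0, 5])), (26, struct.pack("!IBB", MS_VENDOR, 11, 18) + bytes(16)),
    (26, struct.pack("!IBB", MS_VENDOR, 25, 52) + bytes(50)))
```

Feeding it the UDP payload of a full-length capture shows whether the VPN login uses a protocol the RADIUS server is set up to accept.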


