2811, Pix 515e, & 3005

Help!

Need some advice here. Have VPN up and running with authentication for group & users internal to VPN. I can establish sessions for multiple clients. The vpn inside sits behind Pix. Outside is between 2811 &

515e. I am trying to setup IAS on 2003 box that is sitting behind Pix.

I want the concentrator to authenticate group against internal db on

3005 and then pass user authentication to IAS. The IAS box is configured correctly as I can authenticate against it from other hardware. I have reviewed the docs on the cisco site and have the Raduiys with expiry configured correctly based on this information.

Is there anything special since a Pix is part of the equation? Has anyone been able to get a configu such as this to work?

Thanks in advance.

Reply to
pix help
Loading thread data ...

formatting link
HTH MArtin

"pix help" skrev i en meddelelse news: snipped-for-privacy@s48g2000cws.googlegroups.com...

Reply to
Martin Bilgrav

Hello,

Getting the following error when trying to authenticate VPN 3005 to IAS box. Any suggestions?

Thanks in advance.

User \domainuser was denied access. Fully-Qualified-User-Name = \XXXX NAS-IP-Address = 192.168.150.25 NAS-Identifier = Called-Station-Identifier = 10.10.10.50 Calling-Station-Identifier = XX.XXX.XXX.XXX Client-Friendly-Name = vpn.XXXXXXXX.com Client-IP-Address = 192.168.150.25 NAS-Port-Type = Virtual NAS-Port = 1082 Proxy-Policy-Name = test Authentication-Provider = Windows Authentication-Server = Policy-Name = Authentication-Type = MS-CHAPv2 EAP-Type = Reason-Code = 16 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

meddelelsenews: snipped-for-privacy@s48g2000cws.googlegroups.com...

Reply to
pix help

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.