ASA5540 and RADIUS problem

Dear all,

I ran into a problem when trying to use a RADIUS server (on Solaris) with an ASA5540 for authentication (for RA VPN). In the appliance, I can test it with:

# test aaa-server authentication my-aaa-gp host x.x.x.x username test password pass
INFO: Attempting Authentication test to IP address (timeout: 12)
INFO: Authentication Successful

With tcpdump, I got this:

15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y.} [|radius]
15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y} [|radius]

Now when I try to make a VPN connection from Vista, the authentication failed and tcpdump showed this:

15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id 39] Attr[ User{test} NAS_port{8} Service_type{Framed} Framed_proto{PPP} NAS_port_type{Virtual} [|radius]

In ASA5540's log, there was an entry: AAA authentication server not accessible ...

Can anyone tell me what is going on here? Did I misconfigure something? If yes, how come the "test aaa-server" works?

Thanks in advance.

John Smith

| Dear all,
|
| I ran into a problem when trying to use a RADIUS server (on Solaris)
| with an ASA5540 for authentication (for RA VPN). In the appliance, I can
| test it with:
| # test aaa-server authentication my-aaa-gp host x.x.x.x username test
| password pass
| INFO: Attempting Authentication test to IP address (timeout: 12)
| INFO: Authentication Successful
|
| With tcpdump, I got this:
| 15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id
| 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y.} [|radius]
| 15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id
| 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y} [|radius]
|
| Now when I try to make a VPN connection from Vista, the authentication
| failed and tcpdump showed this:
| 15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id
| 39] Attr[ User{test} NAS_port{8} Service_type{Framed} Framed_proto{PPP}
| NAS_port_type{Virtual} [|radius]
|
| In ASA5540's log, there was an entry:
| AAA authentication server not accessible ...
|
| Can anyone tell me what is going on here? Did I misconfigure something? If
| yes, how come the "test aaa-server" works?

Did you configure the RADIUS to have the ASA as a client?

Morph

Check the logs on the SUN box. You didn't specify how the Vista client was connecting, but you need to make sure the correct connection protocols are allowed on the SUN box, i.e. CHAP, MSCHAP, PAP.

Its me Earnest T.
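An added example, not part of any post in this thread: a small parser for the tcpdump RADIUS summary lines quoted in the question, which diffs the attributes of the working test request against the failing VPN request. It assumes tcpdump's `Pass` label denotes the User-Password (PAP) attribute and that `[|radius]` marks a packet cut off at the capture snap length; the function names are hypothetical.

```python
import re

# tcpdump summary lines copied from the original post (addresses masked by the poster).
TEST_REQ = ("15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 "
            "[id 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y.} [|radius]")
VPN_REQ = ("15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 "
           "[id 39] Attr[ User{test} NAS_port{8} Service_type{Framed} "
           "Framed_proto{PPP} NAS_port_type{Virtual} [|radius]")

LINE_RE = re.compile(r"(rad-[\w-]+) (\d+) \[id (\d+)\] Attr\[ (.*)$")
ATTR_RE = re.compile(r"(\w+)(?:\{([^}]*)\})?")  # Name{value} or a bare Name
TRUNC_MARK = "[|radius]"


def parse(line):
    """Parse one summary line into code, length, id, attributes, truncation flag."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not a tcpdump RADIUS summary line")
    code, length, ident, rest = m.groups()
    truncated = TRUNC_MARK in rest
    attrs = dict(ATTR_RE.findall(rest.replace(TRUNC_MARK, "")))
    return {"code": code, "length": int(length), "id": int(ident),
            "attrs": attrs, "truncated": truncated}


def compare(ok_line, bad_line):
    """Diff the visible attributes of a working and a failing Access-Request."""
    ok, bad = parse(ok_line), parse(bad_line)
    return {
        "only_in_ok": sorted(set(ok["attrs"]) - set(bad["attrs"])),
        "only_in_bad": sorted(set(bad["attrs"]) - set(ok["attrs"])),
        # Assumption: "Pass" is User-Password, i.e. the request used PAP.
        "pap_visible": {"ok": "Pass" in ok["attrs"], "bad": "Pass" in bad["attrs"]},
        # A truncated capture hides later attributes, so absence proves nothing.
        "inconclusive": ok["truncated"] or bad["truncated"],
    }


if __name__ == "__main__":
    for key, value in compare(TEST_REQ, VPN_REQ).items():
        print(f"{key}: {value}")
```

Both captures are truncated, so the VPN request's authentication attributes may simply lie past the snap length; recapturing with a larger snap length (tcpdump's `-s` option) shows the full attribute list to compare against the protocols the RADIUS server allows.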
