PIX 515/E and 2000 IAS

Hi all, sorry if my post seems a bit basic, first attempt and all that. I am trying to get this PIX to use the 2000 IAS to get users authenticated via their AD login. It connects fine using the group auth, then just connects. Config below. Can anyone see anything wrong? I have read loads of docs and added bits but still no luck.

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password s/dbOAvhKrGje5vk encrypted
passwd dwrDh.I2nWszuAQU encrypted
hostname pix
domain-name xxx.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.224.0.0 USLiquent
name 10.0.0.0 nixsoloutionsLAN
name 10.228.120.0 ChipDevNet
name 10.228.200.0 DILTEST
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit udp any any
access-list outside_access_in permit icmp any any echo-reply
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.228.5.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 interface outside
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.228.30.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 163.231.0.0 255.255.0.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 164.179.0.0 255.255.255.224
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.228.70.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.228.101.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.224.144.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.228.40.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 USLiquent 255.255.0.0
access-list inside_outbound_nat0_acl permit ip 10.228.100.0 255.255.255.0 10.228.13.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 10.228.110.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 interface outside
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 nixsoloutionsLAN 255.255.0.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 DILTEST 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.228.5.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.228.30.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.228.70.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 163.231.0.0 255.255.0.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 164.179.0.0 255.255.255.224
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.228.101.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 USLiquent 255.255.0.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.224.144.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.228.13.0 255.255.255.0
access-list outside_cryptomap_20 permit icmp 10.228.100.0 255.255.255.0 10.228.5.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.228.100.0 255.255.255.0 10.228.40.0 255.255.255.0
access-list 101 permit ip host 62.200.87.253 host 10.228.100.10
access-list outside_cryptomap_dyn_20 permit ip any 10.228.110.0 255.255.255.0
access-list outside_cryptomap_dyn_40 permit ip any 10.228.110.0 255.255.255.0
access-list outside_cryptomap_40 permit ip 192.168.1.0 255.255.255.0 nixsoloutionsLAN 255.255.0.0
access-list outside_cryptomap_60 permit ip 192.168.1.0 255.255.255.0 DILTEST 255.255.255.0
access-list outside_authentication_PIX permit tcp 10.228.110.0 255.255.255.0 10.228.100.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging console notifications
logging buffered errors
logging trap debugging
logging queue 8192
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside x.x.x.x 255.255.255.224
ip address inside 10.228.100.10 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
ip local pool ukvpnpool 10.228.110.1-10.228.110.254
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 62.173.118.193 1
route inside 10.228.8.0 255.255.255.0 10.228.100.231 1
route inside ChipDevNet 255.255.255.0 10.228.100.200 1
route inside 192.168.1.0 255.255.255.0 10.228.100.200 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server PIX protocol radius
aaa-server PIX (inside) host 10.228.100.21 12345678 timeout 5
aaa authentication match outside_authentication_PIX outside PIX
http server enable
http 10.228.5.201 255.255.255.255 outside
http x.x.x.x 255.255.255.255 outside
http 10.228.100.0 255.255.255.0 inside
http 10.228.100.35 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
auth-prompt prompt Please Enter You Domain Logon
auth-prompt accept Thank You. Access Granted
auth-prompt reject Please Check Your Username and Password and Try Again
crypto ipsec transform-set des esp-des esp-md5-hmac
crypto ipsec transform-set 3des esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set 3dessha esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set 3des
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set 3des
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set peer x.x.x.x
crypto map outside_map 20 set transform-set 3des
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set pfs group2
crypto map outside_map 40 set peer x.x.x.x
crypto map outside_map 40 set transform-set 3des
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set pfs group2
crypto map outside_map 60 set peer x.x.x.x
crypto map outside_map 60 set transform-set 3des
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map outside_cryptomap_dyn_20 client token authentication RADIUS
isakmp enable outside
isakmp enable inside
isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 240
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 28800
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 86400
isakmp policy 6 authentication pre-share
isakmp policy 6 encryption 3des
isakmp policy 6 hash sha
isakmp policy 6 group 1
isakmp policy 6 lifetime 86400
isakmp policy 7 authentication pre-share
isakmp policy 7 encryption 3des
isakmp policy 7 hash md5
isakmp policy 7 group 1
isakmp policy 7 lifetime 28800
vpngroup ukvpn address-pool ukvpnpool
vpngroup ukvpn dns-server 10.224.140.101 10.228.100.20
vpngroup ukvpn wins-server 10.224.140.101
vpngroup ukvpn default-domain uk.liquent.com
vpngroup ukvpn split-tunnel outside_cryptomap_dyn_20
vpngroup ukvpn split-dns uk.liquent.com liquent.com
vpngroup ukvpn pfs
vpngroup ukvpn idle-time 1800
vpngroup ukvpn authentication-server PIX
vpngroup ukvpn user-authentication
vpngroup ukvpn user-idle-timeout 5
vpngroup ukvpn device-pass-through
vpngroup ukvpn password ********
telnet x.x.x.x 255.255.255.255 outside
telnet 10.228.0.0 255.255.0.0 inside
telnet 10.228.0.0 255.255.0.0 intf2
telnet timeout 5
ssh x.x.x.x 255.255.255.224 outside
ssh 10.228.5.0 255.255.255.0 outside
ssh xxxxx 255.255.0.0 outside
ssh 10.228.100.0 255.255.255.0 inside
ssh 10.224.140.0 255.255.252.0 inside
ssh 10.224.140.0 255.255.252.0 intf2
ssh timeout 5
management-access outside
console timeout 0
username admin password VLvakGASdykrK/qc encrypted privilege 2
username jason password 7QcspFGVDSFcaxMQ encrypted privilege 2
terminal width 80

Sorry it is so long. Thanks Jason

thejayman
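Before looking at the IAS side, it is worth cross-checking the AAA references inside the config itself. The Python below is an added example (not from the thread and not a Cisco tool) that encodes two PIX 6.3 rules as I understand them: an aaa-server group whose protocol is radius or tacacs+ needs at least one host line before anything can authenticate against it, and the crypto map ... client [token] authentication command takes the name of the crypto map set bound to the interface, which in this config is outside_map. The input is a constructed excerpt of the posted config limited to the lines the checks read. Run over it, the checker flags the client token authentication line, which names outside_cryptomap_dyn_20 (an access-list name here) and the RADIUS group (which has no host; the IAS host 10.228.100.21 sits in the PIX group). Whether that is what stops the user prompt from appearing is something to confirm on the box, but it is the first mismatch a reviewer would raise.

```python
import re

# Constructed excerpt of the AAA/VPN lines from the posted PIX 6.3 config.
# Interface, ACL and ISAKMP policy lines are omitted; the checks below do not read them.
PIX_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server PIX protocol radius
aaa-server PIX (inside) host 10.228.100.21 12345678 timeout 5
aaa authentication match outside_authentication_PIX outside PIX
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map outside_cryptomap_dyn_20 client token authentication RADIUS
vpngroup ukvpn authentication-server PIX
vpngroup ukvpn user-authentication
"""


def parse_pix_aaa(config_text):
    """Collect aaa-server groups, their host lines, the crypto maps bound to an
    interface, and every command that references a group or crypto map name."""
    groups = {}          # group name -> protocol
    hosts = {}           # group name -> list of host addresses
    iface_maps = set()   # crypto map sets applied with "crypto map <name> interface <if>"
    refs = []            # (kind, referenced name, originating line)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"aaa-server (\S+) protocol (\S+)$", line)
        if m:
            groups[m.group(1)] = m.group(2)
            continue
        m = re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line)
        if m:
            hosts.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = re.match(r"aaa authentication match \S+ \S+ (\S+)$", line)
        if m:
            refs.append(("aaa-group", m.group(1), line))
            continue
        m = re.match(r"vpngroup \S+ authentication-server (\S+)$", line)
        if m:
            refs.append(("aaa-group", m.group(1), line))
            continue
        m = re.match(r"crypto map (\S+) interface \S+$", line)
        if m:
            iface_maps.add(m.group(1))
            continue
        m = re.match(r"crypto map (\S+) client (?:token )?authentication (\S+)$", line)
        if m:
            refs.append(("crypto-map", m.group(1), line))
            refs.append(("aaa-group", m.group(2), line))
    return groups, hosts, iface_maps, refs


def check_references(config_text):
    """Return one finding string per dangling reference; an empty list means clean."""
    groups, hosts, iface_maps, refs = parse_pix_aaa(config_text)
    findings = []
    for kind, name, line in refs:
        if kind == "aaa-group":
            if name not in groups:
                findings.append(f"undefined aaa-server group '{name}': {line}")
            elif groups[name] != "local" and not hosts.get(name):
                findings.append(f"aaa-server group '{name}' has no host: {line}")
        elif kind == "crypto-map" and name not in iface_maps:
            findings.append(f"crypto map '{name}' is not applied to an interface: {line}")
    return findings


if __name__ == "__main__":
    for finding in check_references(PIX_CONFIG):
        print(finding)
```

Feeding the full running config in instead of the excerpt gives the same two findings, since the extra lines match none of the patterns. The same checker can be pointed at any PIX 6.x config to catch a group that was renamed without updating the commands that use it.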


aaa-server PIX protocol radius
aaa-server PIX (inside) host 10.228.100.21 12345678 timeout 5
aaa authentication match outside_authentication_PIX outside PIX

Those lines look OK, although I'm not sure about your 'match acl' since I don't use those. Check IAS. I just configured it here properly using IAS and it's working. In IAS, after you add the PIX host as a RADIUS client using RADIUS Standard, create a remote access policy for it:

NAS-IP-Address matches pixhostIP and Windows-Groups matches some AD security group.

John Smith
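The two policy conditions above are evaluated against the attributes carried in the Access-Request the PIX sends, and the shared secret configured on both sides is what hides the password in that request and authenticates the reply. The Python below is an added example, not from the thread and not Cisco or Microsoft code, that models both halves of the exchange per RFC 2865: the NAS side builds an Access-Request with User-Name, User-Password and NAS-IP-Address, and a stand-in for IAS decodes it, applies the NAS-IP-Address and group conditions, and answers with Access-Accept or Access-Reject carrying a Response Authenticator the NAS verifies. The PIX inside address 10.228.100.10 and the IAS host 10.228.100.21 come from the config; the shared secret, the user database and the group membership are constructed for the example.

```python
import hashlib
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

NAS_IP = "10.228.100.10"          # PIX inside address (from the posted config)
IAS_HOST = "10.228.100.21"        # IAS host named in "aaa-server PIX (inside) host ..."
SECRET = b"example-shared-secret"  # constructed; the real one is set on both PIX and IAS

# Constructed stand-in for the AD accounts and the security group the policy requires.
USERS = {b"jason": b"correct horse"}
VPN_GROUP_MEMBERS = {b"jason"}


def hide_password(secret, request_auth, password):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous
    block), seeding the chain with the Request Authenticator."""
    padded_len = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, padded_len, 16):
        digest = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], digest))
        out, prev = out + block, block
    return out


def reveal_password(secret, request_auth, hidden):
    """Inverse of hide_password, as the RADIUS server performs it."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        digest = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(a ^ b for a, b in zip(block, digest)), block
    return out.rstrip(b"\x00")


def attr(type_code, value):
    return struct.pack("!BB", type_code, len(value) + 2) + value


def parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs.setdefault(t, []).append(data[i + 2:i + length])
        i += length
    return attrs


def build_access_request(secret, ident, username, password, nas_ip, request_auth=None):
    """NAS side: the packet the PIX would send to IAS. Returns (packet, request_auth)."""
    request_auth = request_auth or os.urandom(16)
    attrs = (attr(USER_NAME, username)
             + attr(USER_PASSWORD, hide_password(secret, request_auth, password))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return head + request_auth + attrs, request_auth


def build_response(secret, code, ident, request_auth, attrs=b""):
    """Server side: Response Authenticator = MD5(code+id+len+RequestAuth+attrs+secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


def ias_handle(secret, packet, allowed_nas_ip):
    """Model of the IAS remote access policy from the reply: credentials must check
    out, NAS-IP-Address must match the PIX, and the user must be in the AD group."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attrs(packet[20:length])
    user = attrs.get(USER_NAME, [b""])[0]
    password = reveal_password(secret, request_auth, attrs.get(USER_PASSWORD, [b""])[0])
    nas = socket.inet_ntoa(attrs[NAS_IP_ADDRESS][0]) if NAS_IP_ADDRESS in attrs else None
    ok = (code == ACCESS_REQUEST and USERS.get(user) == password
          and nas == allowed_nas_ip and user in VPN_GROUP_MEMBERS)
    return build_response(secret, ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, request_auth)


def verify_response(secret, request_auth, packet):
    """NAS side: return the response code, or None if the Response Authenticator does
    not verify (wrong shared secret or a forged reply), which a NAS silently drops."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return code if packet[4:20] == expected else None
```

Three failure modes fall out of the model and map to what one sees on the PIX: a wrong password or a user outside the group yields a clean Access-Reject; a request arriving from an address other than the one in the NAS-IP-Address condition is rejected even with good credentials; and a shared secret that differs between the two boxes makes the reply fail verification, so the PIX behaves as though IAS never answered.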
