Getting the following:
Code:
FFXOFFICE(config)# 414: xauth authentication in progress for user: , session id: 609872245
415: Received response: ds3net\administrator, session id 609872245
416: Making authentication request for host 192.168.0.51, user ds3net\administrator, session id: 609872245
417: Processing challenge for user ds3net\administrator, session id: 609872245, challenge: Password:
418: Received xauth challenge: Password: , session id: 609872245
419: Received response: , session id 609872245
420: Making authentication request for host 192.168.0.51, user ds3net\administrator, session id: 609872245
421: xauth authentication failed for user: ds3net\administrator, session id: 609872245
FFXOFFICE(config)#
Seems like it is rejecting on Password, but I know the password is right because it logs in just fine directly to it.
Here is the config:
Code:
aaa-server ds3net protocol radius
aaa-server ds3net max-failed-attempts 3
aaa-server ds3net deadtime 10
aaa-server ds3net (inside) host 192.168.0.51 ******* timeout 10
sysopt connection permit-ipsec
crypto ipsec transform-set chevelle esp-des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set chevelle
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address VPNTRAFFIC
crypto map transam 1 set peer 206.16.233.206
crypto map transam 1 set transform-set chevelle
crypto map transam 99 ipsec-isakmp dynamic dynmap
crypto map transam client authentication ds3net
crypto map transam interface outside
isakmp enable outside
isakmp key ******** address 206.16.233.206 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400
vpngroup DS3FFX address-pool test
vpngroup DS3FFX split-tunnel split
vpngroup DS3FFX idle-time 1800
vpngroup DS3FFX authentication-server ds3net
vpngroup DS3FFX password ********
Is it possible that I have the authentication in the wrong place? The logs in the Windows RADIUS server are not showing a rejection (though they aren't necessarily showing allowed either). They show:
Code:
192.168.0.1,ds3net\administrator,11/29/2005,15:21:29,IAS,DS3MAIL,4,192.168.0.1,31,68.98.186.1,5,4,4108,192.168.0.1,4116,0,4128,FFX_PIX-501,5000,ip:source-ip=68.98.186.1,4155,1,4154,Use Windows authentication for all users,4129,DS3NET\administrator,4127,1,4149,Connections to other access servers,25,311 1 192.168.0.51 11/28/2005 12:48:28 5,4130,ds3net.com/Users/Administrator,4136,1,4142,0
192.168.0.1,ds3net\administrator,11/29/2005,15:21:29,IAS,DS3MAIL,25,311 1 192.168.0.51 11/28/2005 12:48:28 5,4130,ds3net.com/Users/Administrator,4149,Connections to other access servers,4127,1,4108,192.168.0.1,4116,0,4128,FFX_PIX-501,4129,DS3NET\administrator,4155,1,4154,Use Windows authentication for all users,4136,3,4142,65
Thanks in advance for all your help
--Hobbes