Solved

Using Microsoft RADIUS and a Cisco 1841 router/vpn

Posted on 2006-11-06
2
672 Views
Last Modified: 2012-06-27
Hello experts,

I want to move our VPN accounts from the router and use RADIUS authentication from our MS Active Directory.  We only have about 18 accounts, so that's not too much of a hassle.  

All I want from the Microsoft server to say, is that this user is ok to be on the VPN.  

This is what I have set up:

1.  Cisco 1841 receives a request and passes it to the MS server
2.  MS looks to see if the user is in a particular group (ie. VPN Users)
3.  If they are, MS gives the green light to the Cisco 1841.
4.  Cisco 1841 allows the user to sign on.

Are there any concerns I should be aware of?  
0
Comment
Question by:tsuthar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 125 total points
ID: 17885575
The setup is actually quite simple and should work as you have it outlined.  Once you have the 1841 RADIUS configuration in place, add a client (the 1841) in IAS, specify the group to match in the Remote Access Policy and set authentication to unencrypted (PAP).
0
 
LVL 1

Author Comment

by:tsuthar
ID: 17889269
It looks like it does work, and yes it was quite simple.  I just didnt know if I was missing something.  

Apparently not.  

Points for you.
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question