Solved

Remote Access VPN with Radius

Posted on 2007-03-29
Last Modified: 2010-08-05
I have a Cisco PIX 515E with v6.3. I want to set up remote access VPN with RADIUS authentication. The PIX is already configured to allow access to our mail server and some application servers from the Internet. I want to enable authentication only for VPN tunneled users without affecting the static mapping of the mail and other application servers. The following is the configuration I prepared for remote access VPN. Can anyone help me add RADIUS authentication to my configuration, and please correct the configuration if there are any mistakes.

access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
ip local pool vpnpool 192.168.20.1-192.168.20.254

nat (inside) 0 access-list vpn

sysopt connection permit-ipsec

crypto ipsec transform-set esp_aes256_sha esp-aes-256 esp-sha-hmac

crypto dynamic-map dynamic_out 100 set transform-set esp_aes256_sha
crypto map out_map 30 ipsec-isakmp dynamic dynamic_out
crypto map out_map interface outside

isakmp enable outside
isakmp identity address

isakmp policy 5 authentication pre-share
isakmp policy 5 encryption aes-256
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 1800

vpngroup myvpn address-pool vpnpool
vpngroup myvpn dns-server 192.168.1.xx
vpngroup myvpn wins-server 192.168.xx
vpngroup myvpn split-tunnel vpn
vpngroup myvpn idle-time 1200
vpngroup myvpn password  xxxxx

Thanks in advance
Question by:manuitpro
Accepted Solution

by:
Sorenson earned 250 total points
ID: 18815598
Add the lines:
!
aaa-server xxxxx protocol radius
aaa-server xxxxx max-failed-attempts 3
aaa-server xxxxx deadtime 10
aaa-server xxxxx (inside) host ip.ip.ip.ip password  timeout 5
!
! (where xxxxx is the name of your RADIUS server, ip.ip.ip.ip is the IP address, and password is the RADIUS shared secret)

Then add:
!
crypto map out_map client authentication xxxxx
!

Be careful if you have any site-to-site VPNs: you will need to be sure that the isakmp key statements have "no-xauth" after the netmask to prevent them from trying to use any other type of authentication.

!
If you are using Win2k or 2k3 for the RADIUS server, check out this page:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
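
An added example, not part of the original question or of Sorenson's answer: a small Python check for the "no-xauth" caveat above, which reads a PIX 6.3-style configuration and reports any isakmp key statement missing no-xauth once client authentication is enabled on the crypto map. The group name RADSRV, the RADIUS host address and the site-to-site peer 203.0.113.10 are constructed sample values.

```python
import re

# Constructed sample: the thread's commands with a hypothetical group name
# (RADSRV), RADIUS host and site-to-site peer that are not in the original post.
SAMPLE_CONFIG = """\
aaa-server RADSRV protocol radius
aaa-server RADSRV (inside) host 192.168.1.50 SHAREDSECRET timeout 5
crypto map out_map 20 ipsec-isakmp
crypto map out_map 20 set peer 203.0.113.10
crypto map out_map 30 ipsec-isakmp dynamic dynamic_out
crypto map out_map client authentication RADSRV
crypto map out_map interface outside
isakmp key PRESHARED address 203.0.113.10 netmask 255.255.255.255
"""

def audit_xauth(config):
    """Return findings for a PIX 6.3-style config that enables Xauth."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    radius_groups, groups_with_host, xauth_maps = set(), set(), []
    for line in lines:
        if m := re.match(r"aaa-server (\S+) protocol radius$", line):
            radius_groups.add(m.group(1))
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host \S+", line):
            groups_with_host.add(m.group(1))
        elif m := re.match(r"crypto map (\S+) client authentication (\S+)$", line):
            xauth_maps.append(m.groups())
    findings = []
    for cmap, group in xauth_maps:
        if group not in radius_groups:
            findings.append(f"{cmap}: group {group} has no 'protocol radius' line")
        if group not in groups_with_host:
            findings.append(f"{cmap}: group {group} has no RADIUS host defined")
    if xauth_maps:
        # With Xauth on the crypto map, each static peer key needs no-xauth,
        # otherwise the peer is challenged for user credentials.
        for line in lines:
            m = re.match(r"isakmp key \S+ address (\S+)", line)
            if m and "no-xauth" not in line.split():
                findings.append(f"isakmp key for peer {m.group(1)} lacks no-xauth")
    return findings

if __name__ == "__main__":
    for finding in audit_xauth(SAMPLE_CONFIG):
        print(finding)
```
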

