Remote Access VPN with Radius

Posted on 2007-03-29
Last Modified: 2010-08-05
I have a Cisco PIX 515E with v6.3. I want to set up remote access VPN with RADIUS authentication. The PIX is already configured to access our mail server and some application servers from the internet. I want to enable authentication only for VPN tunneled users without affecting the static mapping of the mail and other application servers. The following is the configuration I prepared for remote access VPN. Can anyone help me add RADIUS authentication to my configuration, and please correct the configuration if there are any mistakes.

access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
ip local pool vpnpool 192.168.20.1-192.168.20.254

nat (inside) 0 access-list vpn

sysopt connection permit-ipsec

crypto ipsec transform-set esp_aes256_sha esp-aes-256 esp-sha-hmac

crypto dynamic-map dynamic_out 100 set transform-set esp_aes256_sha
crypto map out_map 30 ipsec-isakmp dynamic dynamic_out
crypto map out_map interface outside

isakmp enable outside
isakmp identity address

isakmp policy 5 authentication pre-share
isakmp policy 5 encryption aes-256
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 1800

vpngroup myvpn address-pool vpnpool
vpngroup myvpn dns-server 192.168.1.xx
vpngroup myvpn wins-server 192.168.xx
vpngroup myvpn split-tunnel vpn
vpngroup myvpn idle-time 1200
vpngroup myvpn password  xxxxx

Thanks in advance
Question by:manuitpro
Accepted Solution

by:
Sorenson earned 1000 total points
ID: 18815598
add the lines:
!
aaa-server xxxxx protocol radius
aaa-server xxxxx max-failed-attempts 3
aaa-server xxxxx deadtime 10
aaa-server xxxxx (inside) host ip.ip.ip.ip password timeout 5
!
! (where xxxxx is the name of your RADIUS server, ip.ip.ip.ip is its IP address, and password is the RADIUS shared secret)

then add:
!
crypto map out_map client authentication xxxxx
!

Be careful if you have any site-to-site VPNs: you will need to be sure that the isakmp key statements have "no-xauth" after the netmask to prevent them from trying to use any other type of authentication.

If you are using Win2k or 2k3 for the RADIUS server, check out this page:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
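As an added example (not part of the original question or the accepted answer), here is the asker's configuration with the answer's RADIUS lines merged in, in the order a practitioner would paste it into a PIX 6.3. The aaa-server tag RADIUS_SRV, the RADIUS host address 192.168.1.10, the placeholders <shared-secret> and <site-to-site-psk>, and the site-to-site peer 203.0.113.5 are assumptions for illustration; the pool range typo from the question is corrected and the xx fields are left as posted.

```cisco
! Added example: question config merged with the accepted answer's RADIUS lines.
! Assumed values: tag RADIUS_SRV, host 192.168.1.10, <shared-secret>,
! <site-to-site-psk>, peer 203.0.113.5.

! Interesting traffic and the address pool (pool typo from the question corrected)
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
ip local pool vpnpool 192.168.20.1-192.168.20.254
nat (inside) 0 access-list vpn
sysopt connection permit-ipsec

! RADIUS server definition. The PIX sources requests from its inside interface,
! so the RADIUS server's NAS/client entry must list the PIX inside address and
! the same <shared-secret>.
aaa-server RADIUS_SRV protocol radius
aaa-server RADIUS_SRV max-failed-attempts 3
aaa-server RADIUS_SRV deadtime 10
aaa-server RADIUS_SRV (inside) host 192.168.1.10 <shared-secret> timeout 5

! Phase 2 transform set and the dynamic crypto map for remote-access peers
crypto ipsec transform-set esp_aes256_sha esp-aes-256 esp-sha-hmac
crypto dynamic-map dynamic_out 100 set transform-set esp_aes256_sha
crypto map out_map 30 ipsec-isakmp dynamic dynamic_out

! XAUTH: IPsec peers terminating on out_map are user-authenticated against
! RADIUS_SRV. This does not touch the static translations for the mail and
! application servers; only IPsec client logins are sent to RADIUS.
crypto map out_map client authentication RADIUS_SRV
crypto map out_map interface outside

! Phase 1
isakmp enable outside
isakmp identity address
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption aes-256
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 1800

! Caveat from the answer: if a site-to-site tunnel terminates on the same
! outside interface, its pre-shared key must carry no-xauth (and
! no-config-mode) or the PIX will try to XAUTH the remote gateway.
isakmp key <site-to-site-psk> address 203.0.113.5 netmask 255.255.255.255 no-xauth no-config-mode

! Remote-access group (values from the question; xx fields left as posted)
vpngroup myvpn address-pool vpnpool
vpngroup myvpn dns-server 192.168.1.xx
vpngroup myvpn wins-server 192.168.xx
vpngroup myvpn split-tunnel vpn
vpngroup myvpn idle-time 1200
vpngroup myvpn password xxxxx
```

After applying it, `show aaa-server` should list RADIUS_SRV with the inside host, and `debug crypto isakmp` during a test client connection will show the XAUTH exchange; a wrong shared secret typically shows up as the RADIUS server silently discarding the Access-Request until the server is marked dead after the configured failed attempts, so check the shared secret on both sides first when XAUTH times out.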


