dwetherby
 asked on

Authenticating users from subdomains against RADIUS in forest root domain

We have created a new IAS Radius server in our parent domain for authentication of Cisco VPN clients. I would like to add the capability to have the child domains use the Radius server on the parent domain for authentication. I have the AAA-server set up on the ASA5510 on one of the routers to use for testing. I opened up the ports on the parent domain's firewall and pointed them to the IAS server. For some reason I cannot get the aaa-server on the Cisco ASA5510 to authenticate against the Radius server on the parent domain. I have tried using the IP for the IAS server and the parent domain's router IP. I am clearly hitting a wall at this point and would like some input from those smarter than I on this subject. I do have the Radius authentication working perfectly on the parent domain, but I was hoping to get this working on the child domains without installing IAS server on each domain.
Zone changed to include Routers by Netminder 29 Jul 2008


8/22/2022 - Mon
dwetherby

ASKER
I am actually shocked that no one can answer this question!  If I could get someone to at least take a gander at this question, then I could possibly clarify the question further.
ASKER CERTIFIED SOLUTION
Pete Long

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
dwetherby

ASKER
I was trying to avoid adding the Radius servers on the child domains, but I will definitely do that if necessary.  I was  thinking that I could add the routers from each of the child domains as clients and then configure it that way.  I have tried to open up ports on each of the routers/firewalls but to no avail.  I get the authentication prompt and then I get disconnected.  If I try to run the test from the child router, I get no response from the authentication server.  I am sure that there is something simple that I am missing.  Tomorrow I will try installing the IAS s/w on the child domain controller and see if that helps at all.  I really appreciate any suggestions you can give me.

Thanks,

Dave W.
Pete Long

OK - but I'm confused? You mean you are adding the routers as authentication agents?
Or are you trying to terminate a VPN on the router?
dwetherby

ASKER
I was hoping to use the IAS server on the parent domain and then point the child AAA-servers to the parent domain for authentication.  I have decided to just install the IAS server on each of the domains as this seems to be the easiest way to do it.
dwetherby

ASKER
I appreciate your help on this matter.  I was hoping to avoid installing the IAS s/w on all the servers, but that did the trick.  My original goal was to have the server in the parent domain be the Radius server and then have all the AAA servers/routers authenticate off that server.  Ah Well!  Once again thanks!