Armet
asked on
Cisco 1841 using Server 2003 Radius
I am stuck here, could use some direction.
I have a Cisco 1841 ISR router running a VPN connection. I am trying to enable Windows authentication for my VPN access clients by using a Windows 2003 server as a RADIUS server for Auth. For the VPN connection on the router, authentication policy is radius first, then local accounts. When I attempt a remote login, I keep getting prompted for my username and password.. If I look at the server event logs I get events that say Event ID : 1 "username" was granted access.
On the router, I get the messages seen in the attached picture. Those messages appear every connection attempt, and happen at the exact same time according to the time stamps.
So, it appears the server is recieving the requests, and allows them, but my client never fully connects due to authorization failures. Has anyone seen this before? There are no firewalls or anti-virus apps on the server that would prevent traffic in any direction.
Routerlog.png
I have a Cisco 1841 ISR router running a VPN connection. I am trying to enable Windows authentication for my VPN access clients by using a Windows 2003 server as a RADIUS server for Auth. For the VPN connection on the router, authentication policy is radius first, then local accounts. When I attempt a remote login, I keep getting prompted for my username and password.. If I look at the server event logs I get events that say Event ID : 1 "username" was granted access.
On the router, I get the messages seen in the attached picture. Those messages appear every connection attempt, and happen at the exact same time according to the time stamps.
So, it appears the server is recieving the requests, and allows them, but my client never fully connects due to authorization failures. Has anyone seen this before? There are no firewalls or anti-virus apps on the server that would prevent traffic in any direction.
Routerlog.png
ASKER
The Radius server is 192.168.122.22 and this is its routing table
0.0.0.0 0.0.0.0 192.168.122.1 192.168.122.222 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.122.0 255.255.255.0 192.168.122.222 192.168.122.222 20
192.168.122.222 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.122.255 255.255.255.255 192.168.122.222 192.168.122.222 20
224.0.0.0 240.0.0.0 192.168.122.222 192.168.122.222 20
255.255.255.255 255.255.255.255 192.168.122.222 192.168.122.222 1
Default Gateway: 192.168.122.1
VPN Routing Table
Gateway of last resort is 65.125.83.1 to network 0.0.0.0
C 192.168.122.0/24 is directly connected, FastEthernet0/0
1.0.0.0/30 is subnetted, 2 subnets
C 1.1.1.0 is directly connected, Loopback160
C 1.1.1.4 is directly connected, Loopback180
65.0.0.0/27 is subnetted, 1 subnets
C x.x.x.0 is directly connected, FastEthernet0/1
x.x.x.x/32 is subnetted, 1 subnets
S* 0.0.0.0/0 [1/0] via x.x.x.x
x.x.x.x 1st time is entire WAN subnet, 2nd time is the wan gateway
0.0.0.0 0.0.0.0 192.168.122.1 192.168.122.222 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.122.0 255.255.255.0 192.168.122.222 192.168.122.222 20
192.168.122.222 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.122.255 255.255.255.255 192.168.122.222 192.168.122.222 20
224.0.0.0 240.0.0.0 192.168.122.222 192.168.122.222 20
255.255.255.255 255.255.255.255 192.168.122.222 192.168.122.222 1
Default Gateway: 192.168.122.1
VPN Routing Table
Gateway of last resort is 65.125.83.1 to network 0.0.0.0
C 192.168.122.0/24 is directly connected, FastEthernet0/0
1.0.0.0/30 is subnetted, 2 subnets
C 1.1.1.0 is directly connected, Loopback160
C 1.1.1.4 is directly connected, Loopback180
65.0.0.0/27 is subnetted, 1 subnets
C x.x.x.0 is directly connected, FastEthernet0/1
x.x.x.x/32 is subnetted, 1 subnets
S* 0.0.0.0/0 [1/0] via x.x.x.x
x.x.x.x 1st time is entire WAN subnet, 2nd time is the wan gateway
Thanks! ... and config?
ASKER
The config is entirely too long to post here. Is there a specific portion you are looking for?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> RADIUS server IP address & routing table on host
> Routing table and configuration on VPN router