Cisco Concentrator 3005 and IAS

Status
Not open for further replies.

johlang

IS-IT--Management
Apr 10, 2003
4
SE
I'm trying to get this connection between the concentrator and the RADIUS solution included in IAS to work, but no luck so far. Cisco has a built-in feature that lets one test if the connection between the concentrator and the RADIUS server is working, and it is. But I don't know how to configure groups or users in the concentrator to get this to work. Can anyone help me out here? (I know this question is rather advanced, but any kind of help is appreciated)

Thanks
Johlang
 
So I guess you have configured the IAS and Concentrator with a shared secret.
You now have to either use the base group or define a new group and set this to authenticate using Radius.
One problem I have found is that if you do not allow PAP authentication on the IAS server for clients, then the concentrator will not work with IPSEC clients.
 
This is really pretty easy to do but harder to post but will give it a shot...

With your browser connected to the VPN3000 follow this path and add a group
Configuration | User Management | Groups | Add

name it whatever you want and leave it set to internal

Then follow this path

Configuration | User Management | Groups | Modify - highlight the group that you created and click on Modify

click on the IPSEC Tab and in the Authentication pull down (set to internal by default) change this to RADIUS and then click Apply to make the change take.

then follow this path

Configuration | User Management | Groups

select (highlight) your newly created group and click on Authentication Servers - you should now be here:
Configuration | User Management | Groups | Authentication Servers

at this location you should be able to add your Authentication Server to the group and this will allow users connecting to the group you created to be authenticated outside the Concentrator and in your case IAS -

One side note - these instructions are assuming you're only authenticating users against a group contained within the Concentrator... You could make the group External and push the group attributes via Radius but this is more involved.

Good Luck
~CN~
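
Added example, not part of the original thread: with PAP, the user's password travels to the RADIUS server in the User-Password attribute, hidden with MD5 keyed by the shared secret (RFC 2865, section 5.2). The sketch below shows that encoding and why a shared-secret mismatch surfaces on the server as a wrong password rather than a connection error. All secrets, passwords and function names are constructed for illustration.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client (NAS) side: encode User-Password per RFC 2865 section 5.2."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + 16], mask)  # hidden block feeds the next mask
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the server's copy of the secret."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")  # strip the null padding

if __name__ == "__main__":
    # Constructed sample values; a real authenticator is 16 random bytes.
    authenticator = bytes(range(16))
    nas_secret = b"constructed-shared-secret"
    password = b"constructed-password-20"

    hidden = hide_password(password, nas_secret, authenticator)
    print("on the wire      :", hidden.hex())
    print("matching secret  :", reveal_password(hidden, nas_secret, authenticator))
    # A server configured with a different secret decodes garbage and
    # rejects the user as if the password were wrong.
    print("mismatched secret:", reveal_password(hidden, b"other-secret", authenticator))
```

Because the hiding depends entirely on the shared secret, a short or guessable secret weakens every PAP password sent over that RADIUS link.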
 