Pix to RADIUS Server issue

[phaseshift]

I have a PIX 501 setup to due Radius Auth.

Once I try and log into my network via the VPN I keep getting the same error at the radius server.

Er: "Unknown username or bad password"

Even though the account is correct. Any ideas on my is going wrong during the radius auth.

Thanks
Phaseshift

 

[Antelope]

What type of Radius server? Microsoft's IAS?

 

[br0ck]

pptp or ipsec? as well>

 

[martinp05]

hello,

with the ms-ias this should be the configuration:

aaa authentication ssh console aaa_makeit LOCAL
aaa authentication telnet console aaa_makeit LOCAL
aaa authentication http console aaa_makeit LOCAL

aaa-server aaa_makeit protocol radius
aaa-server aaa_makeit max-failed-attempts 3
aaa-server aaa_makeit deadtime 10
aaa-server aaa_makeit (inside) host 172.16.1.32 pwd timeout 10

on the ms-ias i configured the pix as a standard radius-device...this works fine..

importaint:
aaa authentication http console aaa_makeit LOCAL

--> if the radius server does not answerer, the pix takes the LOCAL-DB for aaa. So you have to configure a username locally on the pix (command: username).

martin


----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator

 

[martinp05]

i for got the config for the vpn-client-stuff:

crypto map crypto_outside 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map crypto_outside client authentication aaa_makeit



----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator