ASA5540 and RADIUS problem

Discussion in 'Cisco' started by John Smith, May 30, 2008.

  1. John Smith

    John Smith Guest

    Dear all,

    I run into a problem when trying to use a radius server (on Solaris)
    with ASA5540 for authentication (for RA vpn). In the appliance, I can
    test it with:
    # test aaa-server authentication my-aaa-gp host x.x.x.x username test
    password pass
    INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12)
    INFO: Authentication Successful

    With tcpdump, I got this:
    15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id
    37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y.} [|radius]
    15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id
    37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y} [|radius]

    Now when I try to make a vpn connection from Vista, the authentication
    failed and tcpdump shown this:
    15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id
    39] Attr[ User{test} NAS_port{8} Service_type{Framed} Framed_proto{PPP}
    NAS_port_type{Virtual} [|radius]

    In ASA5540's log, there was an entry:
    AAA authentication server not accessible ...

    Can anyone what is going on here? Did I miss configure something? If
    yes, how come the "test aaa-server" works?

    Thanks in advance.
     
    John Smith, May 30, 2008
    #1
    1. Advertising

  2. John Smith

    Morph Guest

    In the message <g1ob79$e0c$> John Smith
    wrote:

    | Dear all,
    |
    | I run into a problem when trying to use a radius server (on Solaris)
    | with ASA5540 for authentication (for RA vpn). In the appliance, I can
    | test it with:
    | # test aaa-server authentication my-aaa-gp host x.x.x.x username test
    | password pass
    | INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12)
    | INFO: Authentication Successful
    |
    | With tcpdump, I got this:
    | 15:25:42.850966 y.y.y.y.1025 > x.x.x.x..radius: rad-access-req 64 [id
    | 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y.} [|radius]
    | 15:25:42.851229 y.y.y.y..1025 > x.x.x.x.radius: rad-access-req 64 [id
    | 37] Attr[ User{test} Pass NAS_ipaddr{y.y.y.y} [|radius]
    |
    | Now when I try to make a vpn connection from Vista, the authentication
    | failed and tcpdump shown this:
    | 15:36:15.536324 y.y.y.y.1025 > x.x.x.x.radius: rad-access-req 156 [id
    | 39] Attr[ User{test} NAS_port{8} Service_type{Framed} Framed_proto{PPP}
    | NAS_port_type{Virtual} [|radius]
    |
    | In ASA5540's log, there was an entry:
    | AAA authentication server not accessible ...
    |
    | Can anyone what is going on here? Did I miss configure something? If
    | yes, how come the "test aaa-server" works?

    Did you configure the RADIUS to have the asa as client?
     
    Morph, May 30, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David
    Replies:
    0
    Views:
    2,678
    David
    Nov 6, 2003
  2. Richard Field

    RADIUS / PPTP problem

    Richard Field, Jan 12, 2004, in forum: Cisco
    Replies:
    0
    Views:
    1,919
    Richard Field
    Jan 12, 2004
  3. Spoettel Otmar
    Replies:
    0
    Views:
    564
    Spoettel Otmar
    May 12, 2004
  4. oly
    Replies:
    3
    Views:
    5,628
  5. feck199
    Replies:
    1
    Views:
    1,425
    feck199
    Sep 6, 2006
Loading...

Share This Page