[VPN] Cisco 3000 VPN Concentrator and RADIUS
Siddhartha Jain
losttoy2000 at yahoo.co.uk
Mon Jan 27 01:01:18 EST 2003
Check for default filters on the Concentrator applied
to the public interface. And can you ping the RADIUS
server from the VPN concentrator and vice versa?
--- David Goldsmith <dgoldsmith at sans.org> wrote: > I
have a Cisco 3015 VPN Concentrator loaded with
> software version 3.6.7. Using
> Internal authentication, I am able to have a client
> connect to the VPN and
> establish a tunnel.
>
> I am now trying to setup RADIUS authentication. The
> public interface of the
> VPN is in the DMZ network. The RADIUS server is
> also in the DMZ. From the CLI,
> I can successfully ping the RADIUS server. I have
> defined a RADIUS auth
> server using port 1812. When I try the 'Test'
> option to see if RADIUS auth is
> working, I get a timeout error that the server is
> unreachable. Running sniffers
> on both the external and internal network segments
> reveals NO RADIUS traffic
> leaving the VPN.
>
> The following article from Cisco shows a similar
> configuration with the RADIUS
> server in the DMZ in front of the VPN so this should
> work.
>
>
http://www.cisco.com/en/US/products/sw/secursw/ps2086/
> (URL wraps)
> products_configuration_example09186a0080094a03.shtml
>
>
> Any ideas?
>
> Thanks,
> Dave Goldsmith
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
More information about the VPN
mailing list