Hi
I am attempting to configure a SR4134 with VPN moduale to allow VPN client connections to be authenticated via a RADIUS server. i can get it to work with just username but its failing when i use group authentication. I have conducted wireshark traces and can see the ike messages pass through phase 1 and the RADIUS server has accepted the request but it does not get past phase 1.5. The server send out the config message and the client responds and continues but it does not go to phase 2.
I am using Microsoft IAS as the radius server, I believe the issue is i am not sending the right information from the server to the client but haven't bee able to find anthing specifc that needs to be setup.
Thank you in advanced
Cheers
Jeff
ike policy vpntest
local-address *.*.*.*
remote-id group-name "TEST-VPN" password
proposal 1
exit proposal
client configuration
address-pool 2 192.168.23.10 192.168.23.50
private-side-address 192.168.20.3
dns-server 192.168.10.1 192.168.10.2
wins-server 192.168.10.1 192.168.10.2
client-domain-name domain.local
banner-enable
banner-text "No Unauthorised entry"
keepalive
enable
interval 60
exit keepalive
split-tunnel
mode enabled
network 192.168.9.0 24
network 192.168.20.0 24
network 192.168.10.0 24
network 192.168.11.0 24
exit split-tunnel
nat-keepalive 60
exit configuration
exit policy
I am attempting to configure a SR4134 with VPN moduale to allow VPN client connections to be authenticated via a RADIUS server. i can get it to work with just username but its failing when i use group authentication. I have conducted wireshark traces and can see the ike messages pass through phase 1 and the RADIUS server has accepted the request but it does not get past phase 1.5. The server send out the config message and the client responds and continues but it does not go to phase 2.
I am using Microsoft IAS as the radius server, I believe the issue is i am not sending the right information from the server to the client but haven't bee able to find anthing specifc that needs to be setup.
Thank you in advanced
Cheers
Jeff
ike policy vpntest
local-address *.*.*.*
remote-id group-name "TEST-VPN" password
proposal 1
exit proposal
client configuration
address-pool 2 192.168.23.10 192.168.23.50
private-side-address 192.168.20.3
dns-server 192.168.10.1 192.168.10.2
wins-server 192.168.10.1 192.168.10.2
client-domain-name domain.local
banner-enable
banner-text "No Unauthorised entry"
keepalive
enable
interval 60
exit keepalive
split-tunnel
mode enabled
network 192.168.9.0 24
network 192.168.20.0 24
network 192.168.10.0 24
network 192.168.11.0 24
exit split-tunnel
nat-keepalive 60
exit configuration
exit policy
Comment