i user pix 515e and user vpn client is good .this my config : aaa-server 1.1.1.1 protocol radius aaa-server 1.1.1.1 (inside) host radius cisco timeout 10 .... crypto map outside_map client authentication 1.1.1.1
On Tue, 21 Sep 2004 18:55:22 +0200, Michael Markstaller <[EMAIL PROTECTED]> wrote: > I can only tell about the VPN3000 and IOS ezvpn but it should be > similar: > The only thing that is needed is an appropriate services type (006) and > Framed-Routing=Listen. > PIX is nasty sometimes, try with service-type "Administrative" first and > then lock down further. > But when the connection succeeds, i.e. the VPN-client says it's > connected the problem lies somewhere else beyond radius.. > Either one of the stupid PIX-coduit statements (called sthg else now), > (wrong) split tunnel or similar. > as soon as you're connected look into the PIX-debugs.. > > Michael > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > > Behalf Of Alan DeKok > > Sent: Tuesday, September 21, 2004 4:33 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Authenticating but no access > > > > > > "Saunders, Shawn" <[EMAIL PROTECTED]> wrote: > > > I have Freeradius 1.0 port on FreeBSD 4.10. I'm using it > > to authenticate > > > our VPN connections from a PIX 525. The radius server is > > located inside of > > > our internal network, and it is authenticating (per the logs) fine, > > > > Debug mode will show you more information. Trying to figure out > > what the server is doing by reading "radius.log" is a bad idea. > > > > > but when the VPN tunnel using Cisco VPN 4.60 is connected, the > > > remote client cannot see, or connect to any internal machine, either > > > in our DMZ or Internal Subnet. > > > > So... what attributes is your VPN client expecting to receive from > > the RADIUS server, in order to set up the users VPN connection? > > > > This is where the VPN documenttion may come in handy. > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
