This is how I have successfully configured a Cisco 2921 Integrated Services Router as a VPN server for remote users…
!
[SNIP]
!
aaa new-model
!
!
aaa authentication login VPN_UserAuth group radius
aaa authentication login CLI_UserAuth local
aaa authentication login userauthen group radius
aaa authorization network VPN_GroupAuth local
!
!
[SNIP]
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group group1
 key secretp4ssw0rd
 pool group1pool
 acl 101
 save-password
crypto isakmp profile vpn1-ra
 match identity group group1
 client authentication list VPN_UserAuth
 isakmp authorization list VPN_GroupAuth
 client configuration address respond
 virtual-template 3
!
!
crypto ipsec transform-set VTI-TS esp-3des esp-sha-hmac
!
!
crypto ipsec profile test-vti1
 set transform-set VTI-TS
!
!
!
[SNIP]
interface Virtual-Template3 type tunnel
 ip unnumbered GigabitEthernet0/0
 ip virtual-reassembly in
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile test-vti1
!
ip local pool group1pool 172.18.1.1 172.18.1.25
!
!
[SNIP]
access-list 101 permit ip 10.0.0.0 0.0.0.255 172.18.1.0 0.0.0.255
!
!
[SNIP]
ip radius source-interface GigabitEthernet0/1
radius-server host 10.0.0.10 key remoteauth
Can you please post a detailed configuration of MS RADIUS (IAS/NPS)?
http://fixingitpro.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/