Cisco IOS VPN Authentication via Windows Radius/IAS

This article was posted more than 1 year ago. Please keep in mind that the information on this page may be outdated, insecure, or just plain wrong today.

Here are the important pieces of the puzzle…
Router:

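aaa new-model
!
! Login lists: both use RADIUS only, with no local fallback method.
! "userauthen" is the list the crypto map uses for VPN user authentication.
aaa authentication login default group radius
aaa authentication login userauthen group radius
! VPN group policy ("groupauthor") is looked up in the local config
aaa authorization network groupauthor local
!
aaa session-id common
!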
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key remote
 dns 10.0.0.10
 domain techish.net
 pool ippool
 acl 105
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
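! Tie the AAA lists to the VPN: users via "userauthen", group via "groupauthor"
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
! Answer client address requests (addresses come from the group's pool)
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap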
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map clientmap
!
ip radius source-interface FastEthernet0/1
!
! Split tunnel VPN traffic
access-list 105 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.0.255
!
! RADIUS (IAS) server and shared secret
radius-server host 10.147.204.12 auth-port 1645 acct-port 1646 key cisco
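
Reviewing a config like the one above for dated crypto and short shared secrets can be scripted. The following Python audit is an added example, not part of the original post; the rule names and the 16-character MIN_SECRET_LEN threshold are assumptions, and the sample is constructed from the lines shown above.

```python
import re

# Constructed sample: crypto and RADIUS lines taken from the router config above.
SAMPLE = """\
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key remote
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
radius-server host 10.147.204.12 auth-port 1645 acct-port 1646 key cisco
"""

MIN_SECRET_LEN = 16  # assumption: local policy threshold, not an IOS default

# (rule name, parent-command prefix or None for top-level lines, pattern)
RULES = [
    ("weak-ike-cipher", "crypto isakmp policy", r"encr(yption)? (3)?des$"),
    ("weak-dh-group", "crypto isakmp policy", r"group [125]$"),
    ("short-group-key", "crypto isakmp client configuration group", r"key (?:0 )?(?P<secret>\S+)$"),
    ("weak-esp-cipher", None, r"crypto ipsec transform-set .*\besp-(3)?des\b"),
    ("short-radius-secret", None, r"radius-server host .*\bkey (?:0 )?(?P<secret>\S+)$"),
    ("legacy-radius-port", None, r"radius-server host .*\bauth-port 1645\b"),
]


def audit(config):
    """Return (rule, parent block or None, line) findings with secrets masked."""
    findings, parent = [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indented = raw[0].isspace()
        shown = re.sub(r"\bkey .*$", "key <redacted>", line)  # never echo secrets
        if not indented:
            parent = shown  # an unindented line opens a new block
        for rule, scope, pattern in RULES:
            if (scope is None) == indented or (scope and not parent.startswith(scope)):
                continue  # rule is for the other nesting level or another block
            m = re.match(pattern, line)
            secret = m.groupdict().get("secret") if m else None
            if not m or (secret is not None and len(secret) >= MIN_SECRET_LEN):
                continue
            findings.append((rule, parent if indented else None, shown))
    return findings
```

Running audit(SAMPLE) reports six findings: the 3DES IKE and ESP ciphers, DH group 2, the short group key and RADIUS secret, and the legacy 1645 auth port (1812 is the IANA-assigned RADIUS authentication port).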

Windows Server 2003 IAS:
Screenshots soon…
