Cisco 2600 VPN with RADIUS (AD) authentication?

I'm currently trying to configure a 2611XM as a VPDN endpoint, preferably using L2TP, and using RADIUS to authenticate with a Server 2008 R2 Active Directory.

Now, I can get the router to authenticate logon (con/vty) requests with AD, which proves that I have the NPS role configured correctly on the 2008 R2 box, however the VPN connection always errors with Error 629 (The connection was closed by the remote computer).

If I set up a basic PPTP or L2TP VPDN using local authentication (user testvpn password 0 testvpn) then I can connect fine, but obviously it isn't what I'm trying to achieve.

Anyone got any ideas?
 
It's configured like this:

aaa authentication login default group radius local enable
aaa authentication ppp default group radius

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key longwindedhexadecimalbasedkey

It appears that it's when I add the line

aaa authorization network default group radius if-authenticated

it all falls down and refuses to work.
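For reference, here is a complete L2TP VPDN accept-dialin configuration that puts the three AAA lines from the post into context. This is an added example, not the poster's running config: the vpdn-group name, the Virtual-Template number, the address pool range, the choice of FastEthernet0/0.1 as the unnumbered interface, the "local" fallback on the PPP method list and the placeholder shared secret are all assumptions.

```cisco
! Added example (not the poster's config): L2TP VPDN endpoint on a 2611XM
! authenticating PPP users against a RADIUS server (NPS on Server 2008 R2).
! x.x.x.x and SHARED-SECRET-PLACEHOLDER are placeholders; the vpdn-group name,
! pool range and unnumbered interface are assumptions for this example.
aaa new-model
aaa authentication login default group radius local enable
! "local" at the end is an added fallback so the box stays reachable if the
! RADIUS server is down; the poster's line has no fallback.
aaa authentication ppp default group radius local
aaa authorization network default group radius if-authenticated
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key SHARED-SECRET-PLACEHOLDER
!
vpdn enable
!
vpdn-group L2TP-DIALIN
 accept-dialin
  protocol l2tp
  virtual-template 1
 ! Tunnel-level L2TP authentication is separate from the per-user PPP
 ! authentication that RADIUS handles; Windows clients do not perform it.
 no l2tp tunnel authentication
!
! Addresses handed to dial-in users (assumed range; pick one that the core
! switch and the proxy know how to route back to this router).
ip local pool VPN-POOL 10.6.1.200 10.6.1.220
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0.1
 peer default ip address pool VPN-POOL
 ppp authentication ms-chap-v2
!
ip route 0.0.0.0 0.0.0.0 10.6.1.1
```

Two points worth checking against a config like this: with "aaa authorization network" in place the router also asks RADIUS for per-session authorization, so the NPS network policy must return PPP-compatible attributes (Service-Type Framed and Framed-Protocol PPP) and "debug aaa authorization" on the router will show what came back; and if the VPN pool is in a subnet the core switch and TMG have no route for, or one TMG does not list as an internal network, forwarded packets leave but the replies (or TMG's own policy) drop them, which is why the pool range matters as much as the default route on the 2600.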
 
Ok, finally got the AD authentication working, but now have a new problem.

Traffic that comes in through the VPN doesn't appear to route back out through our proxy (Microsoft Forefront TMG) to the internet. Internal web traffic (such as http://intranet) works fine, but try and get beyond the perimeter and you get nothing.

I do have ip route 0.0.0.0 0.0.0.0 10.6.1.1 (10.6.1.1 being our core switch) set in the 2600's config, but I get nothing.

Ideas?
 
Here you go:

EF-VPDN#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.6.1.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
C 10.6.1.0 is directly connected, FastEthernet0/0.1
C 10.5.1.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.6.1.1
EF-VPDN#
 