Re: Cisco AAA via Win2k3 IAS
- From: "Manjunath Bharadwaj [MSFT]" <mbhara@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 Apr 2005 18:48:38 -0700
Hello Scotty,
In the log file you have "31,203.40.173.129". It means that the attribute 31
has a value of 203.40.173.129. Atribute 31 in RADIUS stands for
Calling-Station-Id so thats the address of your client. (You can find more
information about this in the help file which is shipped with the IAS
management console).
If IAS is not responding to your Cisco messages, I would ask you to look at
your EventLog on the IAS machine. IAS will log an event telling you why it
was discarded. My guess: the cisco device is not in your IAS RADIUS clients
list or the shared secrets dont match.
If the eventlogs are not helpful, turn on tracing "netsh ras set tracing *
enabled" and copy the log files from %windir%\tracing and I can take a look.
Thanks, Manju
+++++++++++++++++++++++++++++++++++++++++++++++
This posting is provided "AS IS" with no warranties, and confers no rights
<anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:090601c53fc7$3fd9fe60$a601280a@xxxxxxxxxx
>I should have included the logs from the IAS server.
>
> This is all I get (multiple times):
>
> 192.168.1.254,USERNAME,04/12/2005,17:13:44,IAS,IASSERVER,3
> 1,203.40.173.129,61,5,4,192.168.1.254,4108,192.168.1.254,4
> 116,9,4128,192.168.1.254,4155,1,25,311 1 192.168.6.2
> 04/12/2005 07:07:31
> 1,4129,PEERLESSJAL\USERNAME,4127,1,4130,peerlessjal.com.au
> /VIC/Scott Cannon,4136,1,4142,0
> 192.168.1.254,USERNAME,04/12/2005,17:13:44,IAS,IASSERVER,2
> 5,311 1 192.168.6.2 04/12/2005 07:07:31
> 1,4130,peerlessjal.com.au/VIC/Scott Cannon,4149,Allow
> access if dial-in permission is
> enabled,4108,192.168.1.254,4116,9,4128,192.168.1.254,4155,
> 1,4154,Use Windows authentication for all
> users,4129,PEERLESSJAL\USERNAME,4127,1,4136,3,4142,66
>
> I've just noticed an IP address in this log that I do not
> know. Can anyone tell me what 203.40.173.129 is referring
> to? By that I mean what the function of the machine in
> this same spot as this IP is.
>
> This has really got me badoozled! Any help is greatly
> appreciated.
>
>>-----Original Message-----
>>Hi.
>>
>>I am having trouble getting my IAS server to
> authenticate
>>users connecting to my Cisco Easy VPN Server.
>>
>>I have set all the required parameters on the CISCO
>>device:
>>
>>aaa authentication login default local
>>aaa authorization exec default local
>>aaa authorization network default local
>>
>>radius-server host 192.168.1.1 auth-port 1645 acct-port
>>1646 key 7 blahblahblah
>>
>>On the IAS server I have set the Cisco device up as a
>>RADIUS client with a pre-shared key and allowed no
>>encryption between the nodes. My access policy is a
>>simple one not that it matters, I don't get to that
> stage.
>>
>>The Cisco device forwards the requests to the IAS server
>>but the IAS server does not respond.
>>
>>If anyone has afew pointers for setting this up I'd
>>really appreciate you sharing them with me.
>>
>>Thanks
>>.
>>
.
- References:
- Cisco AAA via Win2k3 IAS
- From: ScottyC
- Cisco AAA via Win2k3 IAS
- From: anonymous
- Cisco AAA via Win2k3 IAS
- Prev by Date: Cisco AAA via Win2k3 IAS
- Next by Date: Re: Cisco AAA via Win2k3 IAS
- Previous by thread: Cisco AAA via Win2k3 IAS
- Next by thread: Re: Cisco AAA via Win2k3 IAS
- Index(es):
Relevant Pages
|
