RADIUS authentication configuration:
RADIUS Server:
aaa-server inauth protocol radius
aaa-server inauth host 10.100.50.37 key secret
aaa-server inauth host 10.100.50.36 key secret
aaa-server inauth host 10.100.50.35 key secret
VPN Policy:
ip local pool test 173.16.16.1-173.16.16.254
group-policy ScottRAD internal
group-policy ScottRAD attributes
crypto ipsec transform-set RADIUSset esp-3des esp-sha-hmac
crypto dynamic-map RADIUSmap 30 set transform-set RADIUSset
crypto map newmap 30 ipsec-isakmp dynamic RADIUSmap
crypto map newmap interface outside
isakmp enable outside
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
tunnel-group ScottRAD type ipsec-ra
tunnel-group ScottRAD general-attributes
 address-pool test
 authentication-server-group inauth
 default-group-policy ScottRAD
tunnel-group ScottRAD ipsec-attributes
 pre-shared-key *
 trust-point torque
Firewall Configuration
aaa-server partner-auth protocol radius
aaa-server partner-auth (inside) host 10.100.50.37 sharedsecret timeout 30
aaa authentication include ftp outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth
aaa authentication include http outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth
aaa authentication include telnet outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth
Note: You can also enter the word “any” in place of the service name (ftp, telnet, etc.) to require authentication for all services.