RADIUS authentication configuration:

RADIUS Server:

aaa-server inauth protocol radius
aaa-server inauth host 10.100.50.37
 key secret
aaa-server inauth host 10.100.50.36
 key secret
aaa-server inauth host 10.100.50.35
 key secret

VPN Policy:

ip local pool test 173.16.16.1-173.16.16.254
group-policy ScottRAD internal
group-policy ScottRAD attributes
crypto ipsec transform-set RADIUSset esp-3des esp-sha-hmac
crypto dynamic-map RADIUSmap 30 set transform-set RADIUSset
crypto map newmap 30 ipsec-isakmp dynamic RADIUSmap
crypto map newmap interface outside
isakmp enable outside
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
tunnel-group ScottRAD type ipsec-ra
tunnel-group ScottRAD general-attributes
 address-pool test
 authentication-server-group inauth
 default-group-policy ScottRAD
tunnel-group ScottRAD ipsec-attributes
 pre-shared-key *
 trust-point torque

Firewall Configuration:

aaa-server partner-auth protocol radius
aaa-server partner-auth (inside) host 10.100.50.37 sharedsecret timeout 30
aaa authentication include ftp outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth
aaa authentication include http outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth
aaa authentication include telnet outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth

Note: You can also enter the word “any” in place of the service (ftp, telnet, etc.) to have all services use authentication.