RADIUS authentication configuration:

RADIUS Server:

aaa-server inauth protocol radius

aaa-server inauth host 10.100.50.37 key secret

aaa-server inauth host 10.100.50.36 key secret

aaa-server inauth host 10.100.50.35 key secret

VPN Policy:

ip local pool test 173.16.16.1-173.16.16.254

group-policy ScottRAD internal

group-policy ScottRAD attributes

crypto ipsec transform-set RADIUSset esp-3des esp-sha-hmac

crypto dynamic-map RADIUSmap 30 set transform-set RADIUSset

crypto map newmap 30 ipsec-isakmp dynamic RADIUSmap

crypto map newmap interface outside

isakmp enable outside

isakmp policy 30 authentication pre-share

isakmp policy 30 encryption 3des

isakmp policy 30 hash sha

isakmp policy 30 group 2

isakmp policy 30 lifetime 86400

tunnel-group ScottRAD type ipsec-ra

tunnel-group ScottRAD general-attributes

 address-pool test

 authentication-server-group inauth

 default-group-policy ScottRAD

tunnel-group ScottRAD ipsec-attributes

 pre-shared-key *

 trust-point torque

Firewall Configuration

aaa-server partner-auth protocol radius

aaa-server partner-auth (inside) host 10.100.50.37 sharedsecret timeout 30

aaa authentication include ftp outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth

aaa authentication include http outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth

aaa authentication include telnet outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 partner-auth

Note: You can also enter the word “any” in place of the service (ftp, telnet, etc.) to have all services use authentication.

Cisco Systems PIX IOS 7.0(2) manual Radius authentication configuration, Radius Server