Cisco Router RADIUS to IAS

[steve]

I am setting up a cisco 1700 series router to use IAS as a
radius server. The IAS will con to the DC for
authentication info. The DC and IAS are on the same box.
I am not sure where I can documentation on how people have
made this work. I know it can be done but I don't what
what I need to do. any help would be appreciated.

 

[Herb Martin]

It should be fairly straightforward, what problems are you
having?

 

[Guest]

thanks for the reply...I have searched all over the internet looking for cisco configs and ias setup info and I have tried different suggestions but none of them work. Some of the material says I need to have a certain version of the ios, other stuff gives me very strange settings for my ias....I guess I am just looking for a website or discussion forum where people have got this to work....when i use my w2k client to try and con to the vpn router...it says my username and pw do not exist on the domain...I can also see the hyperterminal output from the router and it says unable to find ias... i am sure I have the ip's configured correctly....do you have any generic router configs you could point me towards.

here are some basic questions i have..

1. can I have the dc and ias on the same box and have the cisco router get radius authentication

2. do I need special upgraded cisco software or will 12.2 ios work fine

3. the settings on ias seem prety straighforward...or do I need to do a lot more?

thankya kindl

steve

 

[Herb Martin]

guess I am just looking for a website or discussion forum where people
have got this to work....when i use my w2k client to try and con to the
Caveat: I don't have a Cisco router here doing this.
(I am giving you "shoulds" only because no one else has responded.)

vpn router...it says my username and pw do not exist on the domain...I can

also see the hyperterminal output from the router and it says unable to

My guess would be that perhaps there is (as you suggest) a "minimum IOS"
version for this to work reliably. RADIUS is a standard and either MS or
Cisco might have messed it up but both should have gotten it right by now.

here are some basic questions i have...

1. can I have the dc and ias on the same box and have the cisco router get

radius authentication?

Yes, at least I have tested the IAS-DC part of this. If the Cisco works
at all, the IAS and DC can be together.

2. do I need special upgraded cisco software or will 12.2 ios work fine?

See above -- perhaps ask on a "cisco" list.

3. the settings on ias seem prety straighforward...or do I need to do a

lot more??

Not usually.

Here's a basic conceptual checklist, but do check the help for an ACTUAL
checklist.
(Many people don't realize that "checklist" is worth searching for in MS
help.)

1) Users must generally have the RRAS allowed permission on their USER
Account
properties -- in native mode+ you can let the policy do this but
let's keep it simple.
2) A "Policy" must match (IAS and RRAS Policies are virtually identical)
3) The Policy selects a SINGLE "profile" which must make sense for
access to continue
(e.g., security settings much be compatible.)

There is an IAS general setting for using the WINDOWS authentication but
that
is the default so unless you changed that then it shouldn't be an issue.

--
Herb Martin

thanks for the reply...I have searched all over the internet looking for

cisco configs and ias setup info and I have tried different suggestions but
none of them work. Some of the material says I need to have a certain
version of the ios, other stuff gives me very strange settings for my
ias....I guess I am just looking for a website or discussion forum where
people have got this to work....when i use my w2k client to try and con to
the vpn router...it says my username and pw do not exist on the domain...I
can also see the hyperterminal output from the router and it says unable to
find ias... i am sure I have the ip's configured correctly....do you have
any generic router configs you could point me towards..