[c-nsp] IPsec cisco VPN client and Radius

Palis Michael security at cytanet.com.cy
Tue Nov 22 09:37:13 EST 2005


 

 

Hello all 

 

I am trying to configure IPsec between a user running Cisco VPN client and a
Cisco router. Local authentication works really fine. Changing to radius
authentication, my radius rejects the requests from the router for the
client's user name.

 

Here is the output from debug radius:

Nov 22 15:29:45 EET: RADIUS:  NAS-IP-Address      [4]   6   192.168.2.1
Nov 22 15:29:45 EET: RADIUS:  Vendor, Cisco       [26]  14
Nov 22 15:29:45 EET: RADIUS:   cisco-nas-port     [2]   8   "ISAKMP"
Nov 22 15:29:45 EET: RADIUS:  NAS-Port-Type       [61]  6   Async [0]
Nov 22 15:29:45 EET: RADIUS:  User-Name           [1]   10  "user18"
Nov 22 15:29:45 EET: RADIUS:  Calling-Station-Id  [31]  16  "192.168.1.1"
Nov 22 15:29:45 EET: RADIUS:  User-Password       [2]   18  *
Nov 22 15:29:50 EET: RADIUS: Retransmit to (192.168.3.1:1812,1813) for id 21648/118
Nov 22 15:29:50 EET: RADIUS: Received from id 21648/118 192.168.3.1:1812, Access-Reject, len 20
Nov 22 15:29:50 EET: RADIUS:  authenticator A8 81 03 2C 62 54 86 91 - A7 59 B6 07 E1 A4 E1 4D
Nov 22 15:29:50 EET: RADIUS: Pick NAS IP for u=0x63E8D1FC tableid=0 cfg_addr=192.168.2.1 best_addr=0.0.0.0
Nov 22 15:29:50 EET: RADIUS: ustruct sharecount=2
Nov 22 15:29:50 EET: Radius: radius_port_info() success=0 radius_nas_port=1
Nov 22 15:29:50 EET: RADIUS: added cisco VSA 2 len 6 "ISAKMP"
Nov 22 15:29:50 EET: RADIUS(00000000): Send Access-Request to 192.168.3.1 :1812 id 21648/119, len 90

 

 

Do I need to use a special attribute for the user on the radius
configuration in order for the client to be able to authenticate? Note that
radius works fine for normal user authentication.

 

Any help will be appreciated.
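
Added example, not part of the original message: a small parser for the debug radius lines quoted above. It pairs each Access-Reject with the retransmits logged for the same id and uses the len field to show whether the server sent any attributes (20 bytes is the bare RFC 2865 header, so such a reply carries no Reply-Message). The function names and regular expressions are assumptions written for the line formats visible in the post.

```python
import re

# Lines from the debug output in the post above, e-mail line wraps rejoined.
SAMPLE = """\
Nov 22 15:29:45 EET: RADIUS:  User-Name           [1]   10  "user18"
Nov 22 15:29:45 EET: RADIUS:  User-Password       [2]   18  *
Nov 22 15:29:50 EET: RADIUS: Retransmit to (192.168.3.1:1812,1813) for id 21648/118
Nov 22 15:29:50 EET: RADIUS: Received from id 21648/118 192.168.3.1:1812, Access-Reject, len 20
Nov 22 15:29:50 EET: RADIUS(00000000): Send Access-Request to 192.168.3.1 :1812 id 21648/119, len 90
"""

# RFC 2865 header: code (1) + identifier (1) + length (2) + authenticator (16).
RADIUS_HEADER_LEN = 20

ATTR = re.compile(r'RADIUS:\s+(.+?)\s+\[(\d+)\]\s+(\d+)\s*(.*)$')
RETX = re.compile(r'RADIUS: Retransmit to \S+ for id (\d+/\d+)')
RECV = re.compile(r'RADIUS: Received from id (\d+/\d+) \S+ ([\w-]+), len (\d+)')
SEND = re.compile(r'Send ([\w-]+) to [\d.]+\s*:\d+ id (\d+/\d+), len (\d+)')

def parse(log):
    """Return (attributes, events) parsed from IOS 'debug radius' text."""
    attrs, events = [], []
    for line in log.splitlines():
        if m := RETX.search(line):
            events.append(("retransmit", m[1], None, None))
        elif m := RECV.search(line):
            events.append(("received", m[1], m[2], int(m[3])))
        elif m := SEND.search(line):
            events.append(("sent", m[2], m[1], int(m[3])))
        elif m := ATTR.search(line):
            attrs.append((m[1], int(m[2]), int(m[3]), m[4].strip().strip('"')))
    return attrs, events

def reject_findings(log):
    """Describe each Access-Reject using only what the debug lines show."""
    _, events = parse(log)
    findings = []
    for i, (kind, rid, code, length) in enumerate(events):
        if kind != "received" or code != "Access-Reject":
            continue
        extra = length - RADIUS_HEADER_LEN  # bytes of attributes in the reply
        note = ("no attributes, so no Reply-Message" if extra == 0
                else f"{extra} bytes of attributes")
        retx = sum(1 for k, r, *_ in events[:i] if k == "retransmit" and r == rid)
        findings.append({"id": rid, "attr_bytes": extra,
                         "retransmits": retx, "note": note})
    return findings
```

Calling reject_findings() on the router's full debug text gives one entry per Access-Reject; when the reply carries no attributes, the reason for the reject has to come from the RADIUS server's own log.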

 

 

 


