[c-nsp] Vpn Client to PIX with MSCHAP authentication - possible?

Alexander Serkin als at cell.ru
Wed Oct 19 09:13:19 EDT 2005


Hi all.
I wonder if it is possible to use MSCHAP authentication when vpn client 
(4.7) accesses the pix (7.0(2))?
I think it should work because it worked for me for some time: vpn 
client opened the auth window with three fields
Username
Password
Domain
and then my radius got an access-request with mschap credentials.

But. After some magic passes this feature disappeared completely.
Now the client gives two fields in the authentication window
Username
Password
and the access-request comes to radius with plain User-Password attribute:

         User-Name = "xxxxxx"
         User-Password = "xxxxxx"
         NAS-Port = 81
         Service-Type = Framed-User
         Framed-Protocol = PPP
         Called-Station-Id = "xx.xx.xx.xx"
         Calling-Station-Id = "xx.xx.xx.xx"
         Tunnel-Client-Endpoint:0 = "xx.xx.xx.xx"
         NAS-IP-Address = x.x.x.x
         NAS-Port-Type = Virtual
         Cisco-AVPair = "ip:source-ip=xx.xx.xx.xx"

I surfed through the vpn client docs and found nothing about 
authentication methods. Then I surfed through PIX docs and found nothing 
about the auth methods that can be used with Cisco VPN Client.

Now I'm confused completely about the reason why the ability to do 
MSCHAP disappeared :-)

-- 
Sincerely Yours,
Alexander
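
The two kinds of access-request described in the message above can be told apart on the wire. The following is an added example, not part of the original post: it parses a RADIUS Access-Request and reports whether it carries User-Password (PAP), CHAP-Password, or the Microsoft MS-CHAP vendor-specific attributes. Attribute numbers are from RFC 2865 and RFC 2548; the function names and the two sample packets are constructed for illustration.

```python
import struct

MS_VENDOR = 311  # Microsoft vendor id; sub-types below are from RFC 2548
MS_SUBTYPES = {1: "MS-CHAP", 25: "MS-CHAPv2"}  # MS-CHAP-Response, MS-CHAP2-Response

def tlvs(buf):
    """Yield (type, value) from a run of type/length/value attributes."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen

def auth_method(packet):
    """Return the sorted credential types carried by a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    found = set()
    for atype, value in tlvs(packet[20:length]):
        if atype == 2:
            found.add("PAP")                      # User-Password
        elif atype == 3:
            found.add("CHAP")                     # CHAP-Password
        elif atype == 26 and len(value) >= 4:     # Vendor-Specific
            if struct.unpack("!I", value[:4])[0] == MS_VENDOR:
                for vtype, _ in tlvs(value[4:]):
                    if vtype in MS_SUBTYPES:
                        found.add(MS_SUBTYPES[vtype])
    return sorted(found)

# Helpers that build the constructed samples; field contents are zero filler.
def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def ms_vsa(vtype, value):
    return attr(26, struct.pack("!I", MS_VENDOR) + attr(vtype, value))

def request(*attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body

PAP_REQ = request(attr(1, b"user"), attr(2, bytes(16)))
MSCHAP_REQ = request(attr(1, b"user"), ms_vsa(11, bytes(8)), ms_vsa(1, bytes(50)))
```

Feeding captured Access-Request payloads from the RADIUS server's UDP port to `auth_method` shows which method the NAS actually sent, independent of what the client dialog displayed.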

