[c-nsp] Vpn Client to PIX with MSCHAP authentication - possible?
Alexander Serkin
als at cell.ru
Wed Oct 19 09:13:19 EDT 2005
Hi all.
I wonder if it is possible to use MSCHAP authentication when vpn client
(4.7) accesses the pix (7.0(2))?
I think it should work because it worked for me for some time: vpn
client opened the auth window with three fields
Username
Password
Domain
and then my radius got an access-request with mschap credentials.
But. After some magic passes this feature disappeared comletely.
Now the client gives two-field in authentication window
Username
Password
and the access-request comes to radius with plain User-Password attribute:
User-Name = "xxxxxx"
User-Password = "xxxxxx"
NAS-Port = 81
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "xx.xx.xx.xx"
Calling-Station-Id = "xx.xx.xx.xx"
Tunnel-Client-Endpoint:0 = "xx.xx.xx.xx"
NAS-IP-Address = x.x.x.x
NAS-Port-Type = Virtual
Cisco-AVPair = "ip:source-ip=xx.xx.xx.xx"
I surfed through the vpn client docs and found nothing about
authentication methods. Then i surfed through PIX docs and found nothing
about the auth methods that can be used with Cisco VPN Client.
Now i'm confused completely about the reason why the ability to do
MSCHAP disappeared :-)
--
Sincerely Yours,
Alexander
More information about the cisco-nsp
mailing list