I can only tell about the VPN3000 and IOS ezvpn, but it should be similar: the only thing that is needed is an appropriate service type (006) and Framed-Routing=Listen. PIX is nasty sometimes; try with service-type "Administrative" first and then lock down further. But when the connection succeeds, i.e. the VPN client says it's connected, the problem lies somewhere else beyond RADIUS. Either one of the stupid PIX conduit statements (called something else now), (wrong) split tunnel or similar. As soon as you're connected, look into the PIX debugs.

Michael

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Tuesday, September 21, 2004 4:33 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Authenticating but no access
>
> "Saunders, Shawn" <[EMAIL PROTECTED]> wrote:
> > I have Freeradius 1.0 port on FreeBSD 4.10. I'm using it to authenticate
> > our VPN connections from a PIX 525. The radius server is located inside of
> > our internal network, and it is authenticating (per the logs) fine,
>
> Debug mode will show you more information. Trying to figure out
> what the server is doing by reading "radius.log" is a bad idea.
>
> > but when the VPN tunnel using Cisco VPN 4.60 is connected, the
> > remote client cannot see, or connect to any internal machine, either
> > in our DMZ or Internal Subnet.
>
> So... what attributes is your VPN client expecting to receive from
> the RADIUS server, in order to set up the user's VPN connection?
>
> This is where the VPN documentation may come in handy.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

