Configuring Funk RADIUS to Authenticate Cisco VPN Clients

Available Languages

Download Options

  • PDF     (8.2 KB)
    View with Adobe Reader on a variety of devices
Updated:January 14, 2008
Document ID:13832

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document shows how to configure the VPN 3000 Concentrator and the Funk RADIUS server to work together to authenticate a Cisco VPN Client. After authenticating the VPN Client, the Funk RADIUS server then provides the Client with IP addresses.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

The information presented in this document assumes that you have configured the private and public interfaces on the VPN Concentrator.

Components Used

The information in this document is based on all releases of the VPN 3000 Concentrator and applies to both the Cisco VPN 3000 Client (2.5.x) and the Cisco VPN Client (3.x).

This information was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Configuring the VPN 3000 Concentrator

Follow the steps below to configure the VPN Concentrator side.

  1. Go to Configuration > System > Servers > Authentication and click Add. For the Server Type, select Internal, then click Add.

  2. Go to Configuration > System > Servers > Authentication, click Add, and configure the following parameters.

    • Server Type: Select RADIUS.

    • Authentication Server: Enter the IP address or host name of the RADIUS server.

    • Server Secret: Enter the exact same string as that on the RADIUS server.

    When you have configured these parameters, click Add.

  3. Go to Configuration > System > Address Management and check the option for Use Address from Authentication Server.

  4. Go to Configuration > User Management > Groups, click Add, and configure the parameters for group identity, DNS, and authentication.

    • On the Identity tab, set the following parameters.

      • Group Name (case sensitive)

      • Password (case sensitive)

    • On the General tab, set the following parameters.

      • Primary DNS

      • Secondary DNS

      • Primary WINS

      • Secondary WINS

      Note: The IP addresses of the two WINS servers are passed to the VPN Client upon connection.

    • On the IPSec tab, set the following parameters.

      • Authentication: Select RADIUS.

    When you have configured these parameters, click Add.

With the release of 3.0 and later, you can configure individual Funk RADIUS servers for individual groups, as opposed to one Funk RADIUS server defined globally and used by all groups. Any groups that do not have individual Funk RADIUS servers configured will use the Funk server that is defined globally.

The example above defines one global Funk RADIUS server. You can also choose to define individual Funk RADIUS servers for each group. To do this, go to Configuration > User Management > Groups, highlight a group, and choose Modify Auth Server.

Configuring the RADIUS Server

Follow the steps below to configure the RADIUS server to communicate with the VPN Concentrator. For more complete information on the server, refer to Funk Software or Juniper Networks leavingcisco.com.

  1. On the RAS Client menu, click Add and configure the parameters for client name, IP address and make/model.

    • Client Name: Enter the name of the VPN Concentrator.

    • IP Address: Enter the address of the interface that communicates with the RADIUS server. (The RADIUS server views the VPN Concentrator as a RADIUS client.)

    • Make/Model: Enter VPN 3000 Concentrator.

  2. Click Edit authentication secret and enter the shared secret, then click Save.

  3. On the Users menu, choose the user/group you have set up and add return-list attributes for class and framed IP address.

    • Class: Enter the Group Name you configured in Step 4 above.

    • Framed IP Address: Enter the IP address or the pool name of the VPN Concentrator.

  4. Stop and restart the RADIUS Service.

Related Information

Revision History

Revision Publish Date Comments
1.0
14-Jan-2008
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products