SA540 certificate and Windows 2008 RADIUS authentication help request
My problem with the SA540 is that I need to give remote users access to an office network. Some users need access to the entire network, but most only need access to one server hosting a medical application server.

Problem 1: Cisco VPN 5 will not authenticate using RADIUS from my Cisco SA540 to my Windows 2008 Active Directory server, but the process works with my Cisco1921.

Clients added to the local SA540 users database can connect to the SA540 with the Cisco VPN 5 client. When those same clients browse to a fileserver shared directory, they get a login prompt and can gain access to the domain and shared files on the server.

I would like to authenticate using RADIUS instead but need details to configure it.

A Cisco technician told me I may need to give Active Directory permission to authenticate VPN users on the VPN segment 192.168.12.0 to the local network segment 192.168.144.0. Any such change was unnecessary when doing the same thing on my Cisco1921, and neither the Dell support techs nor I can see how to do this. I am not sure if this can be true, since I can get a login prompt from Active Directory and browse files on the file server.

Problem 2: I cannot authenticate to the RADIUS server.

Which of the following Windows 2008 authentication methods does the SA540 support?

- EAP Smart card or certificate (I purchased one since I could not get this to work)
- PEAP
- EAP-MSCHAP v2
- MS-CHAP v2
- MS-CHAP

Do you have any configuration information for connecting to Windows 2008?

Problem 3: I purchased a 3rd party certificate to circumvent problem #2, but the router continues to answer using the self-signed Cisco certificate instead of the purchased and installed one.

I generated a CSR request, created a DigiCert CRT, loaded the new cert and the CA cert into the trusted certificates area, and it looks like this:

- The router continues to answer using the self-signed certificate that is not shown in the Authentication page.
- I rebooted and this has no effect.
- I am using the latest firmware, 2.1.71.

I noticed that after the CSR has been submitted and the trusted certs have been added, the CSR request still shows Not Uploaded.

- I tried downloading the .pem file and it does not go away.
- I tried deleting the file and it does not go away.
- I tried rebooting and it does not go away.
- Should the Not Uploaded CSR request be left there forever?

To test the certificate being used, DigiCert has a tool:

- Go to http://www.digicert.com/help/
- Type the certificate CN into the Server Address field: Vpn5.docvera.com

You will see that the result shows that the cert expires in 2018 instead of 2013 and it does not match the name.

I tried creating the certificate for a Cisco device, an Apache device (the GoDaddy instructions said to use this) and a Microsoft device, but nothing seems to work.

The DigiCert certificate check at www.digicert.com/help looks like this:

Any help is appreciated!

Gregg
May 24th, 2012 10:00pm
