RADIUS authentication is one of the more secure ways to allow users remote access using their Active Directory credentials.  This raises the question, though: how do I disable RADIUS authentication if I have only a single domain controller in my infrastructure and it is down?
The simplest way to do this is to connect to the outside interface of the PIX with PuTTY and do the following:
Step 1: Log in to the PIX via PuTTY
Step 2: Enter the username and password
Step 3: Type “enable” (without the quotation marks)
Step 4: Enter the password again
Step 5: Type “conf t”
Step 6: Type “no crypto map mymap client authentication radiusauth”
Step 7: Type “write mem”
Step 8: Type “exit”
At this point, you can connect to the Cisco VPN without having to authenticate.  Because “write mem” saves the change, it stays in effect, including across a reload, until you reverse it.  Once the issue with the domain controller has been resolved, put RADIUS authentication back the way it was configured before:
Step 1: Log in to the PIX via PuTTY
Step 2: Enter the username and password
Step 3: Type “enable”
Step 4: Type the password again for the PIX
Step 5: Type “conf t”
Step 6: Type “crypto map mymap client authentication radiusauth”
Step 7: Type “write mem”
Step 8: Type “exit”
Step 9: Attempt to connect back to the VPN and verify that you are prompted to authenticate.
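An added example (not part of the original post): a small Python check that flags a saved PIX configuration in which a crypto map is applied to an interface but has no "client authentication" line, which is the state the first procedure writes to memory. The sample configurations are constructed, and the names dynmap and outside are assumptions; only mymap and radiusauth come from the steps above.

```python
import re

# Constructed sample configs (not from the original post); "dynmap" and
# "outside" are assumed names, "mymap" and "radiusauth" come from the steps.
CONFIG_OK = """\
aaa-server radiusauth protocol radius
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication radiusauth
crypto map mymap interface outside
"""
# Same config after the bypass procedure: the authentication line is gone.
CONFIG_BYPASSED = CONFIG_OK.replace(
    "crypto map mymap client authentication radiusauth\n", "")

# Matches only the two crypto map lines this check cares about,
# optionally in their "no ..." form (e.g. in pasted command history).
LINE = re.compile(
    r"^(no\s+)?crypto map (\S+) (interface|client authentication) (\S+)$")

def audit_crypto_maps(config_text):
    """Return {map_name: {"interfaces": [...], "auth": server or None}}."""
    maps = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        negated, name, kind, value = m.groups()
        entry = maps.setdefault(name, {"interfaces": [], "auth": None})
        if kind == "interface":
            if negated and value in entry["interfaces"]:
                entry["interfaces"].remove(value)
            elif not negated:
                entry["interfaces"].append(value)
        else:
            entry["auth"] = None if negated else value
    return maps

def unauthenticated_maps(config_text):
    """Crypto maps bound to an interface with no client authentication."""
    return sorted(name for name, e in audit_crypto_maps(config_text).items()
                  if e["interfaces"] and e["auth"] is None)

if __name__ == "__main__":
    for label, cfg in (("normal", CONFIG_OK), ("bypassed", CONFIG_BYPASSED)):
        bad = unauthenticated_maps(cfg)
        print(label, "->", "OK" if not bad
              else "no user authentication on: " + ", ".join(bad))
```

Run it against a saved copy of the configuration after the restore procedure to confirm the authentication line is back.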