(RADIATOR) Cisco VPN3030 to
Kliger, Sean C
skliger at fhcrc.org
Fri Mar 11 11:38:24 CST 2005
Hello--
We have a Cisco VPN3030 for which I'd like users to authenticate to our
Radius on Windows server (2003). We've come up with a sample config snippet
(below) and I'm wondering if one of you all would look it over and let me
know if it looks reasonable. Unfortunately, we don't have a test VPN box so
I'll need to do this during a maintenance window and would like to get lined
up so as not to incur multiple outages.
...
<Client IP address here>
Identifier CF-VPN-PUB #vpn client authentication requests
from cf-vpn can come
#either public or private interfaces
Secret xxx
</Client>
<Client IP address here>
Identifier CF-VPN-PRI #vpn client authentication requests
from cf-vpn can come
#either public or private interfaces
Secret xxx
</Client>
<Handler Client-Identifier = CF-VPN-PUB>
<AuthBy GROUP>
<AuthBy LSA>
Group VPNSW # Active Directory group
DomainController xxx
</AuthBy>
</AuthBy>
AcctLogFileName %L/detail
AuthLog remoteaccess-authlog
</Handler>
<Handler Client-Identifier = CF-VPN-PRI>
<AuthBy GROUP>
<AuthBy LSA>
Group VPNSW # Active Directory group
DomainController xxx
</AuthBy>
</AuthBy>
AcctLogFileName %L/detail
AuthLog remoteaccess-authlog
</Handler>
...
--Sean
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list