Cisco 2611 VPN group authentication

Emilie Shoop eshoop at ncsa.uiuc.edu
Tue Jan 21 15:23:17 CST 2003


I was wondering if anyone had a sample Radiator config. for authenticating
the group information on a Cisco 2611, and subsequently handing out DNS and
WINS information?

I have my Radius set up to authenticate the users, but now would like to
move the group information (for the group VPNClients) to the radius as well.


Here is my Radius config:

# radius.cfg

LogDir /services/radius/log
DbDir /services/radius/conf
BindAddress x.x.x.x
AuthPort 1812
AcctPort 1813
Trace   5
#User
#Group


#For VPN access
<Client x.x.x.x>
    Secret   xxxx
</Client>

# For testing: this allows us to honour requests from radpwtst on localhost
<Client localhost>
    Secret mysecret
    DupInterval 0
</Client>

#Look for a Realm with an exact match on the realm name
#look for a matching regular expression Realm
#look for a <Realm DEFAULT>
#look at each Handler in the order they appear

#VPN Authentication x.x.x.x
<Handler NAS-IP-Address  = "x.x.x.x">
    <AuthBy FILE>
         Filename   %D/vpn_users
    </AuthBy>

</Handler>

#Default Handler for anything not specified above
<Handler>
    <AuthBy FILE>
    #The Filename defaults to %D/users
    </AuthBy>
</Handler>

Here is my Cisco 2611 config.:

CLIENT_VPN#sh run


aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa session-id common
!
!

crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2
!
crypto isakmp client configuration group VPNClients
  key xxxx
  dns x.x.x.x
  wins x.x.x.x
  domain ncsa.uiuc.edu
  pool ippool
!
!
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
  set transform-set SET1
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!

interface FastEthernet0/0
  crypto map clientmap
!

ip local pool ippool x.x.x.x y.y.y.y

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxx
radius-server retransmit 3
call rsvp-sync
!


Thanks,
Emilie

*********************************************************
   Emilie Shoop		    Network Engineer
   eshoop at ncsa.edu
   Phone:  217.244.5407  	    Cell:  217.649.8514
   National Center for Supercomputing Applications
**********************************************************
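
A sketch of the setup asked about above, added here as an example; it is not from the original post and not one of Radiator's or Cisco's own samples. The group profile becomes an entry in the %D/vpn_users file that the VPN handler already reads, keyed by the ISAKMP group name. Assumptions: the ipsec: cisco-avpair names and the fixed group password "cisco" follow Cisco's Easy VPN RADIUS group-profile convention and are untested against this router's IOS release; the redacted values are the placeholders from the post.

```text
# %D/vpn_users (example entry, not from the original post)
#
# The router looks the group up as if it were a user: the User-Name is
# the ISAKMP group name and the password is the fixed string "cisco"
# (assumption: Cisco Easy VPN convention for group authorization).
# The reply items mirror the local group block in the post:
#   key    -> ipsec:tunnel-password
#   pool   -> ipsec:addr-pool
#   domain -> ipsec:default-domain
#   dns    -> ipsec:dns-servers
#   wins   -> ipsec:wins-servers
VPNClients  User-Password = "cisco"
    Service-Type = Outbound-User,
    cisco-avpair = "ipsec:key-exchange=ike",
    cisco-avpair = "ipsec:tunnel-password=xxxx",
    cisco-avpair = "ipsec:addr-pool=ippool",
    cisco-avpair = "ipsec:default-domain=ncsa.uiuc.edu",
    cisco-avpair = "ipsec:dns-servers=x.x.x.x",
    cisco-avpair = "ipsec:wins-servers=x.x.x.x"
```

On the router, group lookups reach RADIUS only once the authorization list reads "aaa authorization network groupauthor group radius" instead of "local"; the address pool named in the reply still has to exist on the router. The reply carries the group pre-shared key in a cisco-avpair, which RADIUS does not encrypt, so the path between the router and the RADIUS host needs to be trusted.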

Archive at http://www.open.com.au/archives/radiator/