Cisco 2611 VPN group authentication
Emilie Shoop
eshoop at ncsa.uiuc.edu
Tue Jan 21 15:23:17 CST 2003
I was wondering if anyone had a sample Radiator config. for authenticating
the group information on a Cisco 2611, and subsequently handing out DNS and
WINS information?
I have my Radius set up to authenticate the users, but now would like to
move the group information (for the group VPNClients) to the radius as well.
Here is my Radius config:
# radius.cfg
LogDir /services/radius/log
DbDir /services/radius/conf
BindAddress x.x.x.x
AuthPort 1812
AcctPort 1813
Trace 5
#User
#Group
#For VPN access
<Client x.x.x.x>
Secret xxxx
</Client>
# For testing: this allows us to honour requests from radpwtst on localhost
<Client localhost>
Secret mysecret
DupInterval 0
</Client>
#Look for a Realm with an exact match on the realm name
#look for a matching regular expression Realm
#look for a <Realm DEFAULT>
#look at each Handler in the order they appear
#VPN Authentication x.x.x.x
<Handler NAS-IP-Address = "x.x.x.x">
<AuthBy FILE>
Filename %D/vpn_users
</AuthBy>
</Handler>
#Default Handler for anything not specified above
<Handler>
<AuthBy FILE>
#The Filename defaults to %D/users
</AuthBy>
</Handler>
Here is my Cisco 2611 config.:
CLIENT_VPN#sh run
aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa session-id common
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPNClients
key xxxx
dns x.x.x.x
wins x.x.x.x
domain ncsa.uiuc.edu
pool ippool
!
!
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set SET1
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
crypto map clientmap
!
ip local pool ippool x.x.x.x y.y.y.y
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxx
radius-server retransmit 3
call rsvp-sync
!
Thanks,
Emilie
*********************************************************
Emilie Shoop Network Engineer
eshoop at ncsa.edu
Phone: 217.244.5407 Cell: 217.649.8514
National Center for Supercomputing Applications
**********************************************************
-------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list