(RADIATOR) VSA's (26/3076/x) for the Cisco VPN 3000 Firmware Version 4.x
Hugh Irvine
hugh at open.com.au
Thu Oct 30 17:41:41 CST 2003
Hi Charly -
Thanks for your mail.
The Radiator 3.7.1 standard dictionary already has most of the
definitions you list below.
I will add the additional ones that you have sent, but they will have
the existing "Altiga" prefix.
I'll send you a copy of the modified dictionary in a separate mail.
regards
Hugh
On 31/10/2003, at 4:03 AM, Karl Gaissmaier wrote:
> Hi Hugh or Mike,
>
> after searching for a proper VSA file for the new
> Version of the Cisco VPN Concentrator software without
> luck, I assembled a radiator compliant VSA dictionary
> from the different sources on the web.
>
> Hugh or Mike, perhaps you can put it into the
> goodies folder in the next release/patch.
>
> P.S. I know that the standard dictionary contains
> VSA's for the vendor code 3076 (formerly Altiga),
> but this is not enough for the new Software
> Versions on the Cisco VPN Concentrators.
>
> Best regards
> Charly
> --
> Karl Gaissmaier KIZ/Infrastructure, University of Ulm, Germany
> Email:karl.gaissmaier at kiz.uni-ulm.de Service Group Network
> Tel.: ++49 731 50-22499
> # --------------------------------------------------
> # Start OF Cisco VPN 3k Vendor-specific information
> # --------------------------------------------------
> #
> # Accumulated by karl.gaissmaier at kiz.uni-ulm.de, 29/10/2003
> # Please send me patches and corrections.
> #
> # Sources:
> # Cisco VPN 3000 Concentrator Vendor Specific Attributes 2.0 - 3.6
> # on http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_tech_note09186a0080094e96.shtml
> #
> # and:
> # cisco3k.dct, Funk Radius Dictionary File for VPN 3000 in the download area
> # of the Cisco VPN 3000 Concentrator
> #
> # and:
> # http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/ad.htm#984410
> #
> #
> # The suffixes at the end of each attribute indicate if the attribute is a
> # Group only attribute (-G) or is a Group and/or User attribute (-G/U).
> #
> # VSA Code 3076, Cisco VPN 3000 Concentrator, formerly Altiga
> #
> VENDORATTR 3076 CVPN-3K-Access-Hours-G/U 1 string
> VENDORATTR 3076 CVPN-3K-Simultaneous-Logins-G/U 2 integer
> VENDORATTR 3076 CVPN-3K-Primary-DNS-G 5 ipaddr
> VENDORATTR 3076 CVPN-3K-Secondary-DNS-G 6 ipaddr
> VENDORATTR 3076 CVPN-3K-Primary-WINS-G 7 ipaddr
> VENDORATTR 3076 CVPN-3K-Secondary-WINS-G 8 ipaddr
> VENDORATTR 3076 CVPN-3K-SEP-Card-Assignment-G/U 9 integer
> VENDORATTR 3076 CVPN-3K-Tunneling-Protocols-G/U 11 integer
> VENDORATTR 3076 CVPN-3K-IPSec-Sec-Association-G/U 12 string
> VENDORATTR 3076 CVPN-3K-IPSec-Authentication-G 13 integer
> VENDORATTR 3076 CVPN-3K-Arg-ModeCfg-IPSec-Banner 15 string
> VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Allow-Passwd-Store-G 16 integer
> VENDORATTR 3076 CVPN-3K-Use-Client-Address-G/U 17 integer
> VENDORATTR 3076 CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U 18 integer
> VENDORATTR 3076 CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U 19 integer
> VENDORATTR 3076 CVPN-3K-PPTP-Encryption-G 20 integer
> VENDORATTR 3076 CVPN-3K-L2TP-Encryption-G 21 integer
> VENDORATTR 3076 CVPN-3k-Arg-Authentication-Server-Type 22 integer
> VENDORATTR 3076 CVPN-3k-Arg-Authentication-Server-Password 23 string
> VENDORATTR 3076 CVPN-3k-Arg-Request-Authenticator-Vector 24 string
> VENDORATTR 3076 CVPN-3k-IPSec-LTL-Keepalives 25 integer
> VENDORATTR 3076 CVPN-3k-Arg-IPSec-Group-Name 26 integer
> VENDORATTR 3076 CVPN-3K-Arg-ModeCfg-IPSec-Split-Tunnel-List 27 string
> VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Default-Domain-G 28 string
> VENDORATTR 3076 CVPN-3K-IPSec-Secondary-Domain-List-G 29 string
> VENDORATTR 3076 CVPN-3K-IPSec-Tunnel-Type-G 30 integer
> VENDORATTR 3076 CVPN-3K-IPSec-Mode-Config-G 31 integer
> VENDORATTR 3076 CVPN-3k-Arg-Authentication-Server-Priority 32 integer
> VENDORATTR 3076 CVPN-3K-IPSec-User-Group-Lock-G 33 integer
> VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Over-UDP-G 34 integer
> VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Over-UDP-Port-Num-G 35 integer
> VENDORATTR 3076 CVPN-3K-IPSec-Banner2-G 36 string
> VENDORATTR 3076 CVPN-3K-PPTP-MPPC-Compression-G 37 integer
> VENDORATTR 3076 CVPN-3K-L2TP-MPPC-Compression-G 38 integer
> VENDORATTR 3076 CVPN-3K-IP-Compression-G 39 integer
> VENDORATTR 3076 CVPN-3K-IKE-Peer-ID-Check-G 40 integer
> VENDORATTR 3076 CVPN-3K-IKE-Keepalives-G 41 integer
> VENDORATTR 3076 CVPN-3K-IPSec-Auth-On-Rekey-G 42 integer
> VENDORATTR 3076 CVPN-3K-Required-FW-Vendor-Code-G 45 integer
> VENDORATTR 3076 CVPN-3K-Required-FW-Product-Code-G 46 integer
> VENDORATTR 3076 CVPN-3K-Required-FW-Description-G 47 string
> VENDORATTR 3076 CVPN-3K-Require-HW-Client-Auth-G 48 integer
> VENDORATTR 3076 CVPN-3K-Require-Individ-User-Auth-G 49 integer
> VENDORATTR 3076 CVPN-3K-User-Idle-Timeout-G 50 integer
> VENDORATTR 3076 CVPN-3K-Cisco-IP-Phone-Bypass-G 51 integer
> VENDORATTR 3076 CVPN-3K-IPSec-Split-Tunnel-Policy-G 55 integer
> VENDORATTR 3076 CVPN-3K-Client-FW-Capability-G 56 integer
> VENDORATTR 3076 CVPN-3K-Client-FW-Filter-Name-G 57 string
> VENDORATTR 3076 CVPN-3K-Client-FW-Optional-G 58 integer
> VENDORATTR 3076 CVPN-3K-Backup-IPSec-Servers-G 59 integer
> VENDORATTR 3076 CVPN-3K-Backup-IPSec-Server-List-G 60 string
> VENDORATTR 3076 CVPN-3k-DHCP-Network-Scope-G 61 ipaddr
> VENDORATTR 3076 CVPN-3K-Intercept-DHCP-Config-Msg-G 62 integer
> VENDORATTR 3076 CVPN-3K-MS-Client-Subnet-Mask-G 63 ipaddr
> VENDORATTR 3076 CVPN-3K-Allow-Network-Ext-Mode-G 64 integer
> VENDORATTR 3076 CVPN-3k-IPSec-Authorization-Type-G 65 integer
> VENDORATTR 3076 CVPN-3k-IPSec-Authorization-Required-G 66 integer
> VENDORATTR 3076 CVPN-3k-IPSec-DN-Field-G 67 string
> VENDORATTR 3076 CVPN-3k-IPSec-Confidence-Level-G 68 integer
> VENDORATTR 3076 CVPN-3k-LEAP-Bypass-G 75 integer
> VENDORATTR 3076 CVPN-3K-Part-Primary-DHCP-G 128 ipaddr
> VENDORATTR 3076 CVPN-3K-Part-Secondary-DHCP-G 129 ipaddr
> VENDORATTR 3076 CVPN-3K-Part-Premise-Router-G 131 ipaddr
> VENDORATTR 3076 CVPN-3K-Part-Max-Sessions-G 132 integer
> VENDORATTR 3076 CVPN-3K-Part-Mobile-IP-Key-G 133 integer
> VENDORATTR 3076 CVPN-3K-Part-Mobile-IP-Address-G 134 ipaddr
> VENDORATTR 3076 CVPN-3K-Strip-Realm-G 135 integer
> VENDORATTR 3076 CVPN-3K-Part-Strip-Realm-G 136 integer
> VENDORATTR 3076 CVPN-3K-Part-Group-ID-G 137 integer
>
> VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP1 1
> VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP2 2
> VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP3 4
> VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP4 8
> VALUE CVPN-3K-SEP-Card-Assignment-G/U Any-SEP 15
>
> VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP 1
> VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP 2
> VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-L2TP 3
> VALUE CVPN-3K-Tunneling-Protocols-G/U IPSec 4
> VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-IPSec 5
> VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP-and-IPSec 6
> VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-L2TP-IPSec 7
> VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP/IPSec 8
> VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-L2TP/IPSec 9
> VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP-and-L2TP/IPSec 10
> VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-L2TP-L2TP/IPSec 11
>
> VALUE CVPN-3K-IPSec-Authentication-G None 0
> VALUE CVPN-3K-IPSec-Authentication-G RADIUS 1
> VALUE CVPN-3K-IPSec-Authentication-G NTDomain 3
> VALUE CVPN-3K-IPSec-Authentication-G SDI 4
> VALUE CVPN-3K-IPSec-Authentication-G Internal 5
> VALUE CVPN-3K-IPSec-Authentication-G RADIUS-with-Expiry 6
>
> VALUE CVPN-3K-ModeCfg-IPSec-Allow-Passwd-Store-G Allow 1
> VALUE CVPN-3K-ModeCfg-IPSec-Allow-Passwd-Store-G Disallow 0
>
> VALUE CVPN-3K-Use-Client-Address-G/U Allow 1
> VALUE CVPN-3K-Use-Client-Address-G/U Disallow 0
>
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U PAP 1
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U CHAP 2
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U EAP-MD5 4
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U EAP-GTC 8
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U EAP-TLS 16
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U MSCHAP 32
> VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U MSCHAP2 64
>
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U PAP 1
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U CHAP 2
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U EAP-MD5 4
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U EAP-GTC 8
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U EAP-TLS 16
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U MSCHAP 32
> VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U MSCHAP2 64
>
> VALUE CVPN-3K-PPTP-Encryption-G 40bit 2
> VALUE CVPN-3K-PPTP-Encryption-G 40-Encryption-Req 3
> VALUE CVPN-3K-PPTP-Encryption-G 128 4
> VALUE CVPN-3K-PPTP-Encryption-G 128-Encryption-Req 5
> VALUE CVPN-3K-PPTP-Encryption-G 40-or-128 6
> VALUE CVPN-3K-PPTP-Encryption-G 40-or-128-Encry-Req 7
> VALUE CVPN-3K-PPTP-Encryption-G 40-Stateless-Req 10
> VALUE CVPN-3K-PPTP-Encryption-G 40-Enc/Stateless-Req 11
> VALUE CVPN-3K-PPTP-Encryption-G 128-Stateless-Req 12
> VALUE CVPN-3K-PPTP-Encryption-G 128-Enc/Stateless-Req 13
> VALUE CVPN-3K-PPTP-Encryption-G 40/128-Stateless-Req 14
> VALUE CVPN-3K-PPTP-Encryption-G 40/128-Enc/Statls-Req 15
>
> VALUE CVPN-3K-L2TP-Encryption-G 40bit 2
> VALUE CVPN-3K-L2TP-Encryption-G 40-Encryption-Req 3
> VALUE CVPN-3K-L2TP-Encryption-G 128 4
> VALUE CVPN-3K-L2TP-Encryption-G 128-Encryption-Req 5
> VALUE CVPN-3K-L2TP-Encryption-G 40-or-128 6
> VALUE CVPN-3K-L2TP-Encryption-G 40-or-128-Encry-Req 7
> VALUE CVPN-3K-L2TP-Encryption-G 40-Stateless-Req 10
> VALUE CVPN-3K-L2TP-Encryption-G 40-Enc/Stateless-Req 11
> VALUE CVPN-3K-L2TP-Encryption-G 128-Stateless-Req 12
> VALUE CVPN-3K-L2TP-Encryption-G 128-Enc/Stateless-Req 13
> VALUE CVPN-3K-L2TP-Encryption-G 40/128-Stateless-Req 14
> VALUE CVPN-3K-L2TP-Encryption-G 40/128-Enc/Statls-Req 15
>
> VALUE CVPN-3k-Arg-Authentication-Server-Type First-Active-Server 0
> VALUE CVPN-3k-Arg-Authentication-Server-Type RADIUS 1
> VALUE CVPN-3k-Arg-Authentication-Server-Type LDAP 2
> VALUE CVPN-3k-Arg-Authentication-Server-Type NT 3
> VALUE CVPN-3k-Arg-Authentication-Server-Type SDI 4
> VALUE CVPN-3k-Arg-Authentication-Server-Type Internal 5
>
> VALUE CVPN-3k-IPSec-LTL-Keepalives ON 1
> VALUE CVPN-3k-IPSec-LTL-Keepalives OFF 0
>
> VALUE CVPN-3K-IPSec-Tunnel-Type-G LAN-to-LAN 1
> VALUE CVPN-3K-IPSec-Tunnel-Type-G Remote-Access 2
>
> VALUE CVPN-3K-IPSec-Mode-Config-G ON 1
> VALUE CVPN-3K-IPSec-Mode-Config-G OFF 0
>
> VALUE CVPN-3K-IPSec-User-Group-Lock-G ON 1
> VALUE CVPN-3K-IPSec-User-Group-Lock-G OFF 0
>
> VALUE CVPN-3K-ModeCfg-IPSec-Over-UDP-G ON 1
> VALUE CVPN-3K-ModeCfg-IPSec-Over-UDP-G OFF 0
>
> VALUE CVPN-3K-PPTP-MPPC-Compression-G ON 1
> VALUE CVPN-3K-PPTP-MPPC-Compression-G OFF 2
>
> VALUE CVPN-3K-L2TP-MPPC-Compression-G ON 1
> VALUE CVPN-3K-L2TP-MPPC-Compression-G OFF 2
>
> VALUE CVPN-3K-IP-Compression-G None 0
> VALUE CVPN-3K-IP-Compression-G LZS 1
>
> VALUE CVPN-3K-IKE-Peer-ID-Check-G Required 1
> VALUE CVPN-3K-IKE-Peer-ID-Check-G If-supported-by-cert 2
> VALUE CVPN-3K-IKE-Peer-ID-Check-G Do-not-check 3
>
> VALUE CVPN-3K-IKE-Keepalives-G ON 1
> VALUE CVPN-3K-IKE-Keepalives-G OFF 0
>
> VALUE CVPN-3K-IPSec-Auth-On-Rekey-G ON 1
> VALUE CVPN-3K-IPSec-Auth-On-Rekey-G OFF 0
>
> VALUE CVPN-3K-Require-HW-Client-Auth-G ON 1
> VALUE CVPN-3K-Require-HW-Client-Auth-G OFF 0
>
> VALUE CVPN-3K-Require-Individ-User-Auth-G ON 1
> VALUE CVPN-3K-Require-Individ-User-Auth-G OFF 0
>
> VALUE CVPN-3K-Cisco-IP-Phone-Bypass-G Enabled 1
> VALUE CVPN-3K-Cisco-IP-Phone-Bypass-G Disabled 2
>
> VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Tunnel-Everything 0
> VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Only-tunnel-networks-in-list 1
> VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Tunnel-Everything-but-Local-Lan 2
>
> VALUE CVPN-3K-Client-FW-Capability-G None 0
> VALUE CVPN-3K-Client-FW-Capability-G Policy-Defined-by-remote-FW-AYT 1
> VALUE CVPN-3K-Client-FW-Capability-G Policy-Pushed-CPP 2
> VALUE CVPN-3K-Client-FW-Capability-G Policy-from-server 4
>
> VALUE CVPN-3K-Client-FW-Optional-G Optional 1
> VALUE CVPN-3K-Client-FW-Optional-G Required 0
>
> VALUE CVPN-3K-Backup-IPSec-Servers-G Use-Client-Configured-List 1
> VALUE CVPN-3K-Backup-IPSec-Servers-G Disable-and-Clear-Client-List 2
> VALUE CVPN-3K-Backup-IPSec-Servers-G Use-Backup-Server-List 3
>
> VALUE CVPN-3K-Intercept-DHCP-Config-Msg-G YES 1
> VALUE CVPN-3K-Intercept-DHCP-Config-Msg-G NO 0
>
> VALUE CVPN-3K-Allow-Network-Ext-Mode-G YES 1
> VALUE CVPN-3K-Allow-Network-Ext-Mode-G NO 0
>
> VALUE CVPN-3k-IPSec-Authorization-Type-G None 0
> VALUE CVPN-3k-IPSec-Authorization-Type-G RADIUS 1
> VALUE CVPN-3k-IPSec-Authorization-Type-G LDAP 2
>
> VALUE CVPN-3k-IPSec-Authorization-Required-G YES 1
> VALUE CVPN-3k-IPSec-Authorization-Required-G NO 0
>
> VALUE CVPN-3k-LEAP-Bypass-G YES 1
> VALUE CVPN-3k-LEAP-Bypass-G NO 0
>
> VALUE CVPN-3K-Strip-Realm-G ON 1
> VALUE CVPN-3K-Strip-Realm-G OFF 0
>
> VALUE CVPN-3K-Part-Strip-Realm-G ON 1
> VALUE CVPN-3K-Part-Strip-Realm-G OFF 0
>
> # ------------------------------------------------
> # END OF Cisco VPN 3k Vendor-specific information
> # ------------------------------------------------
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
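
Added example, not part of the original mail and not Radiator's own code: a small Python checker for the VENDORATTR/VALUE layout quoted above that flags entries broken by mail line-wrapping, plus the RFC 2865 Vendor-Specific (26/3076/x) wire encoding for a parsed attribute. The function names `load` and `encode_vsa`, the sample lines and the address 192.0.2.53 are constructed for illustration.

```python
import socket
import struct

# Constructed sample in the VENDORATTR/VALUE layout of the dictionary above.
# The last entry is split across two lines the way mail wrapping split it.
SAMPLE = """\
VENDORATTR 3076 CVPN-3K-Primary-DNS-G 5 ipaddr
VENDORATTR 3076 CVPN-3K-Tunneling-Protocols-G/U 11 integer
VENDORATTR 3076 CVPN-3K-IPSec-Banner2-G 36 string
VALUE CVPN-3K-Tunneling-Protocols-G/U IPSec 4
VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-IPSec 5
VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Tunnel-Everything
0
"""

def load(text):
    """Return (attrs, values, problems) for dictionary text."""
    attrs, values, problems, codes = {}, {}, [], {}
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()          # drop comments, tokenize
        if not f:
            continue
        if f[0] == "VENDORATTR" and len(f) == 5 and f[1].isdigit() and f[3].isdigit():
            key = (int(f[1]), int(f[3]))           # (vendor id, vendor type)
            if key in codes:
                problems.append(f"line {n}: code {key} already used by {codes[key]}")
            codes[key] = f[2]
            attrs[f[2]] = (key[0], key[1], f[4])
        elif f[0] == "VALUE" and len(f) == 4 and f[3].isdigit():
            if f[1] not in attrs:
                problems.append(f"line {n}: VALUE for undefined attribute {f[1]}")
            values.setdefault(f[1], {})[f[2]] = int(f[3])
        else:
            problems.append(f"line {n}: malformed entry: {line.strip()}")
    return attrs, values, problems

def encode_vsa(attrs, values, name, value):
    """Build the RFC 2865 Vendor-Specific (type 26) attribute bytes."""
    vendor, code, typ = attrs[name]
    if typ == "integer":
        # Accept a VALUE name from the dictionary or a raw number.
        data = struct.pack("!I", int(values.get(name, {}).get(value, value)))
    elif typ == "ipaddr":
        data = socket.inet_aton(value)
    else:
        data = value.encode()
    sub = bytes([code, len(data) + 2]) + data      # vendor type, vendor length
    if len(sub) > 249:                             # 255 - type - length - vendor id
        raise ValueError("value too long for one VSA")
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor) + sub
```

Running `load` over a dictionary copied out of a mail archive before installing it catches wrapped entries such as the split-tunnel policy lines, which would otherwise be silently dropped or misread.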