(RADIATOR) VSA's (26/3076/x) for the Cisco VPN 3000 Firmware Version 4.x

Hugh Irvine hugh at open.com.au
Fri Oct 31 18:12:30 CST 2003


Hello Josh -

You can see the hex dumps of the received packets by running at trace  
5. If there are no errors when decoding the incoming request, then the  
attributes are not in the packets and you will need to configure  
something in the NAS to get them.

regards

Hugh


On 01/11/2003, at 5:58 AM, Ward, Josh wrote:

> I'm actually having a similar problem right now.  I'm not sure if I'm
> not seeing the VSA's or if my VPN 3000 isn't sending them.
>
> When I get the authentication request I see:
>
> Fri Oct 31 10:06:16 2003: DEBUG: Packet dump:
> *** Received from 132.241.67.38 port 3323 ....
> Code:       Access-Request
> Identifier: 189
> Authentic:
> Attributes:
>         User-Name = "jward"
>         User-Password = ""
>         NAS-Port = 10492
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Tunnel-Client-Endpoint = 132.241.67.22
>         NAS-IP-Address = 132.241.67.38
>         NAS-Port-Type = Virtual
>
> I know that there are other VSAs that should come in with the
> Access-Request, but I'm not seeing them.  I'm not sure if my VPN
> concentrator is configured wrong or if I'm not accepting them.
>
> Any thoughts or insight?
>
> Thanks!!!
>
> -Josh
> Network Operations
> California State University, Chico
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> Behalf Of Karl Gaissmaier
> Sent: Friday, October 31, 2003 12:30 AM
> To: Hugh Irvine
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) VSA's (26/3076/x) for the Cisco VPN 3000
> Firmware Version 4.x
>
> Hi Hugh,
>
> Hugh Irvine schrieb:
>
>>
>> Hi Charly -
>>
>> Thanks for your mail.
>>
>> The Radiator 3.7.1 standard dictionary already has most of the
>> definitions you list below.
>>
>> I will add the additional ones that you have sent, but they will have
>
>> the existing "Altiga" prefix.
>>
>> I'll send you a copy of the modified dictionary in a seperate mail.
>
> thanks
>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
> I just stumled over this error in the first:
>
> Fri Oct 31 09:23:17 2003: ERR: Attribute number 32 (vendor 3076) is not
> defined in your dictionary
> Fri Oct 31 09:23:17 2003: DEBUG: Packet dump:
> *** Received from 134.60.112.177 port 1287 ....
> Code:       Access-Request
> ...
>
> I can't trigger all missing attributes, since I use not all
> features of the VPN Concentrator. The most useful info for
> all new/old attributes is:
>
> http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/ 
> products_
> tech_note09186a0080094e96.shtml
>
>
> from where I've the definitions and values, from the other
> sources I took the mnemonics for the names.
>
> Regards
> 	Charly
>
> -- 
> Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
> Email:karl.gaissmaier at kiz.uni-ulm.de           Service Group Network
> Tel.: ++49 731 50-22499
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list