(RADIATOR) cisco 3000 VPN external group attrs
Andrew D. Clark
andrew.clark at ucsb.edu
Mon Feb 7 19:22:29 CST 2005
Hi all,
I've got a Cisco 3060 VPN doing external group auth to radiator. All
is working fine (though I really with there was a good way to
distinguish VPN groups from users, but Cisco apparently isn't making
that easy - any suggestions?). However, if I want to pass up different
split tunneling policies to the VPN, I have a problem with specifying
the particular network list to use. The VPN has some network lists
defined on it, like the default "VPN Client Local LAN (Default)" list,
as well as one I added called "UCSB Nets". Do I reference them by
those names on the VPN?
I thought something like this might work:
# full tunneling with local net bypass
Altiga-IPSec-Split-Tunnel-Policy-G = Local-Net-Bypass,
Altiga-IPSec-Split-Tunnel-List-G = "VPN Client Local LAN (Default)"
but it doesn't. Neither does something like:
# split tunneling, campus space only
Altiga-IPSec-Split-Tunnel-Policy-G = Split-Tunnel-Net-List,
Altiga-IPSec-Split-Tunnel-List-G = "UCSB Nets"
Doing a network list numerically like "0.0.0.0/0.0.0.0" (for local LAN
split tunneling, for instance) doesn't seem to work either. Anyone out
there have any wisdom to spare?
--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list