(RADIATOR) cisco 3000 VPN external group attrs

Andrew D. Clark andrew.clark at ucsb.edu
Mon Feb 7 19:22:29 CST 2005


Hi all,

I've got a Cisco 3060 VPN doing external group auth to radiator.  All 
is working fine (though I really wish there was a good way to 
distinguish VPN groups from users, but Cisco apparently isn't making 
that easy - any suggestions?).  However, if I want to pass up different 
split tunneling policies to the VPN, I have a problem with specifying 
the particular network list to use.  The VPN has some network lists 
defined on it, like the default "VPN Client Local LAN (Default)" list, 
as well as one I added called "UCSB Nets".  Do I reference them by 
those names on the VPN?

I thought something like this might work:

# full tunneling with local net bypass
Altiga-IPSec-Split-Tunnel-Policy-G = Local-Net-Bypass,
Altiga-IPSec-Split-Tunnel-List-G = "VPN Client Local LAN (Default)"

but it doesn't.  Neither does something like:

# split tunneling, campus space only
Altiga-IPSec-Split-Tunnel-Policy-G = Split-Tunnel-Net-List,
Altiga-IPSec-Split-Tunnel-List-G = "UCSB Nets"

Doing a network list numerically like "0.0.0.0/0.0.0.0" (for local LAN 
split tunneling, for instance) doesn't seem to work either.  Anyone out 
there have any wisdom to spare?

--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

