(RADIATOR) cisco 3000 VPN external group attrs

Troy Holder troy at ncstate.net
Mon Feb 7 21:06:44 CST 2005


We tackled this by using groups. We have everyone log in with a base group
(ncsu) and then we have RADIUS tell the concentrator what group to put
the user in. These groups (network staff, systems staff, general staff)
then have everything set up (IP address ranges, split tunneling, etc.) for
that user.
The URL at Cisco we used for this is:
     http://www.cisco.com/warp/public/471/altigagroup.html
I hope this helps and I did not totally miss something.

> Hi all,
>
> I've got a Cisco 3060 VPN doing external group auth to Radiator.  All
> is working fine (though I really wish there was a good way to
> distinguish VPN groups from users, but Cisco apparently isn't making
> that easy - any suggestions?).  However, if I want to pass up different
> split tunneling policies to the VPN, I have a problem with specifying
> the particular network list to use.  The VPN has some network lists
> defined on it, like the default "VPN Client Local LAN (Default)" list,
> as well as one I added called "UCSB Nets".  Do I reference them by
> those names on the VPN?
>
> I thought something like this might work:
>
> # full tunneling with local net bypass
> Altiga-IPSec-Split-Tunnel-Policy-G = Local-Net-Bypass,
> Altiga-IPSec-Split-Tunnel-List-G = "VPN Client Local LAN (Default)"
>
> but it doesn't.  Neither does something like:
>
> # split tunneling, campus space only
> Altiga-IPSec-Split-Tunnel-Policy-G = Split-Tunnel-Net-List,
> Altiga-IPSec-Split-Tunnel-List-G = "UCSB Nets"
>
> Doing a network list numerically like "0.0.0.0/0.0.0.0" (for local LAN
> split tunneling, for instance) doesn't seem to work either.  Anyone out
> there have any wisdom to spare?
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark at ucsb.edu (805) 893-5311
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


--
-----------------------------------
| Troy Holder    troy at ncstate.net |
|     Senior Network Engineer     |
|   Communication Technologies    |
| North Carolina State University |
-----------------------------------
