[RADIATOR] ERR: Attribute number 146 (vendor 3076) is not defined in your dictionary aka Cisco bought Altiga in 2000

Alexander Hartmaier alexander.hartmaier at t-systems.at
Wed Feb 27 08:10:15 CST 2013


On 2013-02-26 22:35, Heikki Vatiainen wrote:
> On 02/26/2013 07:04 PM, Alexander Hartmaier wrote:
>
>> After some googling I've found the answer to this question [1] asked on
>> this list in 2003 [2]
>> Seems Cisco ASAs, which were called PIX before, were called Altiga
>> before [3]
>>
>> The current dictionary that ships with Radiator has the attributes up to
>> number 137.
>> The names in the Cisco ASA doc have some common attributes but also
>> changed and new ones.
>> I'd replace all Altiga definitions with Cisco-ASA- attributes with their
>> names from the table in [2] and submit it to the list for replacement in
>> the default dictionary, does that sound sane after 13 years?
> Since the attributes are in use currently, the updated entries could be
> shipped at least as a separate dictionary file for those who need to use
> the latest definitions. I have also seen Altiga attributes used in
> current Cisco VPN deployments, so I think it would be a good idea to
> have the current definitions available too.
Yes, Cisco ASAs use the attributes defined in the document I've linked
which use the Altiga VSA (3076) and not the Cisco VSA (9).
I'd move the legacy Altiga VSAs into a separate dictionary file in the
goodies dir and put the current Cisco VSAs in the default dictionary file.
>
> If you have the entries, it would be good to see them and then consider
> what would be the best way to include them. If there are conflicting
> entries, then care would be needed when considering how to add them.
> Otherwise any users that may have equipment using them would have an
> unfortunate surprise.
>
> Thanks!
> Heikki
After an hour of typing I came up with this:

VENDORATTR  3076  Cisco-VPN-Access-Hours                                 1 string
VENDORATTR  3076  Cisco-VPN-Simultaneous-Logins                          2 integer
VENDORATTR  3076  Cisco-VPN-Primary-DNS                                  5 ipaddr
VENDORATTR  3076  Cisco-VPN-Secondary-DNS                                6 ipaddr
VENDORATTR  3076  Cisco-VPN-Primary-WINS                                 7 ipaddr
VENDORATTR  3076  Cisco-VPN-Secondary-WINS                               8 ipaddr
VENDORATTR  3076  Cisco-VPN-SEP-Card-Assignment                          9 integer
VENDORATTR  3076  Cisco-VPN-Tunneling-Protocols                         11 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Sec-Association                       12 string
VENDORATTR  3076  Cisco-VPN-IPsec-Authentication                        13 string
VENDORATTR  3076  Cisco-VPN-Banner1                                     15 string
VENDORATTR  3076  Cisco-VPN-IPsec-Allow-Passwd-Store                    16 integer
VENDORATTR  3076  Cisco-VPN-Use-Client-Address                          17 integer
VENDORATTR  3076  Cisco-VPN-PPTP-Encryption                             20 integer
VENDORATTR  3076  Cisco-VPN-L2TP-Encryption                             21 integer
VENDORATTR  3076  Cisco-VPN-Group-Policy                                25 string
VENDORATTR  3076  Cisco-VPN-IPsec-Split-Tunnel-List                     27 string
VENDORATTR  3076  Cisco-VPN-IPsec-Default-Domain                        28 string
VENDORATTR  3076  Cisco-VPN-IPsec-Split-DNS-Names                       29 string
VENDORATTR  3076  Cisco-VPN-IPsec-Tunnel-Type                           30 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Mode-Config                           31 integer
VENDORATTR  3076  Cisco-VPN-IPsec-User-Group-Lock                       33 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Over-UDP                              34 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Over-UDP-Port                         35 integer
VENDORATTR  3076  Cisco-VPN-Banner2                                     36 string
VENDORATTR  3076  Cisco-VPN-PPTP-MPPC-Compression                       37 integer
VENDORATTR  3076  Cisco-VPN-L2TP-MPPC-Compression                       38 integer
VENDORATTR  3076  Cisco-VPN-IPsec-IP-Compression                        39 integer
VENDORATTR  3076  Cisco-VPN-IPsec-IKE-Peer-ID-Check                     40 integer
VENDORATTR  3076  Cisco-VPN-IKE-Keep-Alives                             41 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Auth-On-Rekey                         42 integer
VENDORATTR  3076  Cisco-VPN-Required-Client-Firewall-Vendor-Code        45 integer
VENDORATTR  3076  Cisco-VPN-Required-Client-Firewall-Product-Code       46 integer
VENDORATTR  3076  Cisco-VPN-Required-Client-Firewall-Description        47 string
VENDORATTR  3076  Cisco-VPN-Require-HW-Client-Auth                      48 integer
VENDORATTR  3076  Cisco-VPN-Required-Individual-User-Auth               49 integer
VENDORATTR  3076  Cisco-VPN-Authenticated-User-Idle-Timeout             50 integer
VENDORATTR  3076  Cisco-VPN-Cisco-IP-Phone-Bypass                       51 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Split-Tunneling-Policy                55 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Required-Client-Firewall-Capability   56 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Client-Firewall-Filter-Name           57 string
VENDORATTR  3076  Cisco-VPN-IPsec-Client-Firewall-Filter-Optional       58 integer
VENDORATTR  3076  Cisco-VPN-IPsec-Backup-Servers                        59 string
VENDORATTR  3076  Cisco-VPN-IPsec-Backup-Server-List                    60 string
VENDORATTR  3076  Cisco-VPN-DHCP-Network-Scope                          61 string
VENDORATTR  3076  Cisco-VPN-Intercept-DHCP-Configure-Msg                62 integer
VENDORATTR  3076  Cisco-VPN-MS-Client-Subnet-Mask                       63 integer
VENDORATTR  3076  Cisco-VPN-Allow-Network-Extension-Mode                64 integer
VENDORATTR  3076  Cisco-VPN-Authorization-Type                          65 integer
VENDORATTR  3076  Cisco-VPN-Authorization-Required                      66 integer
VENDORATTR  3076  Cisco-VPN-Authorization-DN-Field                      67 string
VENDORATTR  3076  Cisco-VPN-IKE-KeepAlive-Confidence-Interval           68 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Content-Filter-Parameters            69 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-URL-List                             71 string
VENDORATTR  3076  Cisco-VPN-WebVPN-Port-Forward-List                    72 string
VENDORATTR  3076  Cisco-VPN-WebVPN-Access-List                          73 string
VENDORATTR  3076  Cisco-VPN-Cisco-LEAP-Bypass                           75 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Homepage                             76 string
VENDORATTR  3076  Cisco-VPN-Client-Type-Version-Limiting                77 string
VENDORATTR  3076  Cisco-VPN-WebVPN-Port-Forwarding-Name                 79 string
VENDORATTR  3076  Cisco-VPN-IE-Proxy-Server                             80 string
VENDORATTR  3076  Cisco-VPN-IE-Proxy-Server-Policy                      81 integer
VENDORATTR  3076  Cisco-VPN-IE-Proxy-Exception-List                     82 string
VENDORATTR  3076  Cisco-VPN-IE-Proxy-Bypass-Local                       83 integer
VENDORATTR  3076  Cisco-VPN-IKE-Keepalive-Retry-Interval                84 integer
VENDORATTR  3076  Cisco-VPN-Tunnel-Group-Lock                           85 string
VENDORATTR  3076  Cisco-VPN-Access-List-Inbound                         86 string
VENDORATTR  3076  Cisco-VPN-Access-List-Outbound                        87 string
VENDORATTR  3076  Cisco-VPN-Perfect-Forward-Secrecy-Enable              88 integer
VENDORATTR  3076  Cisco-VPN-NAC-Enable                                  89 integer
VENDORATTR  3076  Cisco-VPN-NAC-Status-Query-Timer                      90 integer
VENDORATTR  3076  Cisco-VPN-NAC-Revalidation-Timer                      91 integer
VENDORATTR  3076  Cisco-VPN-NAC-Default-ACL                             92 string
VENDORATTR  3076  Cisco-VPN-WebVPN-URL-Entry-Enable                     93 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-File-Access-Enable                   94 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-File-Server-Entry-Enable             95 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-File-Server-Browsing-Enable          96 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Port-Forwarding-Enable               97 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Outlook-Exchange-Proxy-Enable        98 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Port-Forwarding-HTTP-Proxy           99 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Auto-Applet-Download-Enable         100 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Citrix-Metaframe-Enable             101 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Apply-ACL                           102 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-SSL-VPN-Client-Enable               103 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-SSL-VPN-Client-Required             104 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-SSL-VPN-Client-Keep-Installation    105 integer
VENDORATTR  3076  Cisco-VPN-SVC-Keepalive                              107 integer
VENDORATTR  3076  Cisco-VPN-SVC-DPD-Interval-Client                    108 integer
VENDORATTR  3076  Cisco-VPN-SVC-DPD-Interval-Gateway                   109 integer
VENDORATTR  3076  Cisco-VPN-SVC-Rekey-Time                             110 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Deny-Message                        116 string
VENDORATTR  3076  Cisco-VPN-Extended-Authentication-On-Rekey           122 integer
VENDORATTR  3076  Cisco-VPN-SVC-DTLS                                   123 integer
VENDORATTR  3076  Cisco-VPN-SVC-MTU                                    125 integer
VENDORATTR  3076  Cisco-VPN-SVC-Modules                                127 string
VENDORATTR  3076  Cisco-VPN-SVC-Profiles                               128 string
VENDORATTR  3076  Cisco-VPN-SVC-Ask                                    131 string
VENDORATTR  3076  Cisco-VPN-SVC-Ask-Timeout                            132 integer
VENDORATTR  3076  Cisco-VPN-IE-Proxy-PAC-URL                           133 string
VENDORATTR  3076  Cisco-VPN-Strip-Realm                                135 integer
VENDORATTR  3076  Cisco-VPN-Smart-Tunnel                               136 string
VENDORATTR  3076  Cisco-VPN-WebVPN-ActiveX-Relay                       137 integer
VENDORATTR  3076  Cisco-VPN-Smart-Tunnel-Auto                          138 integer
VENDORATTR  3076  Cisco-VPN-Smart-Tunnel-Auto-Signon-Enable            139 string
VENDORATTR  3076  Cisco-VPN-VLAN                                       140 integer
VENDORATTR  3076  Cisco-VPN-NAC-Settings                               141 string
VENDORATTR  3076  Cisco-VPN-Member-Of                                  145 string
VENDORATTR  3076  Cisco-VPN-Tunnel-Group-Name                          146 string
VENDORATTR  3076  Cisco-VPN-Client-Type                                150 integer
VENDORATTR  3076  Cisco-VPN-Session-Type                               151 integer
VENDORATTR  3076  Cisco-VPN-Session-Subtype                            152 integer
VENDORATTR  3076  Cisco-VPN-Address-Pools                              217 string
VENDORATTR  3076  Cisco-VPN-IPv6-Address-Pools                         218 string
VENDORATTR  3076  Cisco-VPN-IPv6-VPN-Filter                            219 string
VENDORATTR  3076  Cisco-VPN-Privilege-Level                            220 integer
VENDORATTR  3076  Cisco-VPN-WebVPN-Macro-Value1                        223 string
VENDORATTR  3076  Cisco-VPN-WebVPN-Macro-Value2                        224 string

I've changed Cisco-ASA- to Cisco-VPN- because they are also used by the
old VPN3000 concentrators and the old PIXen.
If you agree with the naming (straight from the Cisco docs) I'll also
add the individual values for each attribute (that will be another 500
lines or so).

>
>> [1]
>> http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDIQFjAA&url=http%3A%2F%2Fwww.open.com.au%2Fpipermail%2Fradiator%2F2003-October%2F008053.html&ei=LOksUebXOsvRsgaPpoDQCw&usg=AFQjCNGveQ6v-u4hYtw6RZA5hP8FD_TlUg&sig2=7pknyx-Cqi079pJBCP_SqA&bvm=bv.42965579,d.Yms&cad=rja
>> [2]
>> http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1753749
>> [3] http://www.networkworld.com/news/2000/0119cistiga.html
>>
>> --
>> Best regards, Alex
>
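
The error in the subject line appears when a Vendor-Specific attribute carries a vendor/number pair that the loaded dictionary does not define. As an added example (not part of the original post and not Radiator's code), the Python below decodes an RFC 2865 type 26 attribute against four of the VENDORATTR lines above; the sample bytes and the value `ExampleGroup` are constructed, and it assumes one sub-attribute per VSA.

```python
import struct

# Four entries copied from the dictionary lines in the post above.
DICTIONARY_TEXT = """\
VENDORATTR  3076  Cisco-VPN-Simultaneous-Logins    2 integer
VENDORATTR  3076  Cisco-VPN-Primary-DNS            5 ipaddr
VENDORATTR  3076  Cisco-VPN-Group-Policy          25 string
VENDORATTR  3076  Cisco-VPN-Tunnel-Group-Name    146 string
"""

def load_dictionary(text):
    """Map (vendor, number) -> (name, type) from VENDORATTR lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "VENDORATTR":
            _, vendor, name, number, kind = fields
            table[(int(vendor), int(number))] = (name, kind)
    return table

def build_vsa(vendor, number, value):
    """Build a constructed sample attribute (type 26) for the demonstration."""
    sub = bytes([number, 2 + len(value)]) + value
    return bytes([26, 6 + len(sub)]) + struct.pack("!I", vendor) + sub

def decode_vsa(attr, table):
    """Decode a Vendor-Specific attribute; assumes one sub-attribute per VSA."""
    if len(attr) < 8 or attr[0] != 26 or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor = struct.unpack("!I", attr[2:6])[0]
    number, sub_len, value = attr[6], attr[7], attr[8:]
    if sub_len != len(attr) - 6:
        raise ValueError("vendor sub-attribute length does not match")
    entry = table.get((vendor, number))
    if entry is None:
        # The subject-line case: this vendor/number pair has no dictionary
        # entry, so only the raw bytes can be reported.
        return (vendor, number, None, value)
    name, kind = entry
    if kind in ("integer", "ipaddr") and len(value) != 4:
        raise ValueError(f"{name}: {kind} value must be 4 bytes")
    if kind == "integer":
        value = struct.unpack("!I", value)[0]
    elif kind == "ipaddr":
        value = ".".join(str(b) for b in value)
    else:  # every other type is treated as a string here
        value = value.decode("utf-8", "replace")
    return (vendor, number, name, value)

if __name__ == "__main__":
    print(decode_vsa(build_vsa(3076, 146, b"ExampleGroup"), load_dictionary(DICTIONARY_TEXT)))
```
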


