[RADIATOR] ERR: Attribute number 146 (vendor 3076) is not defined in your dictionary aka Cisco bought Altiga in 2000
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Wed Feb 27 08:10:15 CST 2013
On 2013-02-26 22:35, Heikki Vatiainen wrote:
> On 02/26/2013 07:04 PM, Alexander Hartmaier wrote:
>
>> After some googling I've found the answer to this question [1] asked on
>> this list in 2003 [2]
>> Seems Cisco ASAs, which where called PIX before, where called Altiga
>> before [3]
>>
>> The current dictionary that ships with Radiator has the attributes up to
>> number 137.
>> The names in the Cisco ASA doc have some common attributes but also
>> changed and new ones.
>> I'd replace all Altiga definitions with Cisco-ASA- attributes with their
>> names from the table in [2] and submit it to the list for replacement in
>> the default dictionary, does that sound sane after 13 years?
> Since the attributes are in use currently, the updated entries could be
> shipped at least as a separate dictionary file for those who need to use
> the latest definitions. I have also seen Altiga attributes used in
> current Cisco VPN deployments, so I think it would be a good idea to
> have the current definitions available too.
Yes, Cisco ASAs use the attributes defined in the document I've linked
which use the Altiga VSA (3076) and not the Cisco VSA (9).
I'd move the legacy Altiga VSAs into a separate dictionary file in the
goodies dir and put the current Cisco VSAs in the default dictionary file.
>
> If you have the entries, it would be good to see them and then consider
> what would be the best way to include them. If there are conflicting
> entries, then care would be needed when considering how to add them.
> Otherwise any users that may have equipment using them would have an
> unfortunate surprise.
>
> Thanks!
> Heikki
After an hour or typing I came up with this:
VENDORATTR 3076 Cisco-VPN-Access-Hours
1 string
VENDORATTR 3076 Cisco-VPN-Simultaneous-Logins
2 integer
VENDORATTR 3076 Cisco-VPN-Primary-DNS
5 ipaddr
VENDORATTR 3076 Cisco-VPN-Secondary-DNS
6 ipaddr
VENDORATTR 3076 Cisco-VPN-Primary-WINS
7 ipaddr
VENDORATTR 3076 Cisco-VPN-Secondary-WINS
8 ipaddr
VENDORATTR 3076 Cisco-VPN-SEP-Card-Assignment
9 integer
VENDORATTR 3076 Cisco-VPN-Tunneling-Protocols
11 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Sec-Association
12 string
VENDORATTR 3076 Cisco-VPN-IPsec-Authentication
13 string
VENDORATTR 3076 Cisco-VPN-Banner1
15 string
VENDORATTR 3076 Cisco-VPN-IPsec-Allow-Passwd-Store
16 integer
VENDORATTR 3076 Cisco-VPN-Use-Client-Address
17 integer
VENDORATTR 3076 Cisco-VPN-PPTP-Encryption
20 integer
VENDORATTR 3076 Cisco-VPN-L2TP-Encryption
21 integer
VENDORATTR 3076 Cisco-VPN-Group-Policy
25 string
VENDORATTR 3076 Cisco-VPN-IPsec-Split-Tunnel-List
27 string
VENDORATTR 3076 Cisco-VPN-IPsec-Default-Domain
28 string
VENDORATTR 3076 Cisco-VPN-IPsec-Split-DNS-Names
29 string
VENDORATTR 3076 Cisco-VPN-IPsec-Tunnel-Type
30 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Mode-Config
31 integer
VENDORATTR 3076 Cisco-VPN-IPsec-User-Group-Lock
33 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Over-UDP
34 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Over-UDP-Port
35 integer
VENDORATTR 3076 Cisco-VPN-Banner2
36 string
VENDORATTR 3076 Cisco-VPN-PPTP-MPPC-Compression
37 integer
VENDORATTR 3076 Cisco-VPN-L2TP-MPPC-Compression
38 integer
VENDORATTR 3076 Cisco-VPN-IPsec-IP-Compression
39 integer
VENDORATTR 3076 Cisco-VPN-IPsec-IKE-Peer-ID-Check
40 integer
VENDORATTR 3076 Cisco-VPN-IKE-Keep-Alives
41 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Auth-On-Rekey
42 integer
VENDORATTR 3076 Cisco-VPN-Required-Client-Firewall-Vendor-Code
45 integer
VENDORATTR 3076 Cisco-VPN-Required-Client-Firewall-Product-Code
46 integer
VENDORATTR 3076 Cisco-VPN-Required-Client-Firewall-Description
47 string
VENDORATTR 3076 Cisco-VPN-Require-HW-Client-Auth
48 integer
VENDORATTR 3076 Cisco-VPN-Required-Individual-User-Auth
49 integer
VENDORATTR 3076 Cisco-VPN-Authenticated-User-Idle-Timeout
50 integer
VENDORATTR 3076 Cisco-VPN-Cisco-IP-Phone-Bypass
51 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Split-Tunneling-Policy
55 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Required-Client-Firewall-Capability
56 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Client-Firewall-Filter-Name
57 string
VENDORATTR 3076 Cisco-VPN-IPsec-Client-Firewall-Filter-Optional
58 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Backup-Servers
59 string
VENDORATTR 3076 Cisco-VPN-IPsec-Backup-Server-List
60 string
VENDORATTR 3076 Cisco-VPN-DHCP-Network-Scope
61 string
VENDORATTR 3076 Cisco-VPN-Intercept-DHCP-Configure-Msg
62 integer
VENDORATTR 3076 Cisco-VPN-MS-Client-Subnet-Mask
63 integer
VENDORATTR 3076 Cisco-VPN-Allow-Network-Extension-Mode
64 integer
VENDORATTR 3076 Cisco-VPN-Authorization-Type
65 integer
VENDORATTR 3076 Cisco-VPN-Authorization-Required
66 integer
VENDORATTR 3076 Cisco-VPN-Authorization-DN-Field
67 string
VENDORATTR 3076 Cisco-VPN-IKE-KeepAlive-Confidence-Interval
68 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Content-Filter-Parameters
69 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-URL-List
71 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forward-List
72 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Access-List
73 string
VENDORATTR 3076 Cisco-VPN-Cisco-LEAP-Bypass
75 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Homepage
76 string
VENDORATTR 3076 Cisco-VPN-Client-Type-Version-Limiting
77 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forwarding-Name
79 string
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Server
80 string
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Server-Policy
81 integer
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Exception-List
82 string
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Bypass-Local
83 integer
VENDORATTR 3076 Cisco-VPN-IKE-Keepalive-Retry-Interval
84 integer
VENDORATTR 3076 Cisco-VPN-Tunnel-Group-Lock
85 string
VENDORATTR 3076 Cisco-VPN-Access-List-Inbound
86 string
VENDORATTR 3076 Cisco-VPN-Access-List-Outbound
87 string
VENDORATTR 3076 Cisco-VPN-Perfect-Forward-Secrecy-Enable
88 integer
VENDORATTR 3076 Cisco-VPN-NAC-Enable
89 integer
VENDORATTR 3076 Cisco-VPN-NAC-Status-Query-Timer
90 integer
VENDORATTR 3076 Cisco-VPN-NAC-Revalidation-Timer
91 integer
VENDORATTR 3076 Cisco-VPN-NAC-Default-ACL
92 string
VENDORATTR 3076 Cisco-VPN-WebVPN-URL-Entry-Enable
93 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-File-Access-Enable
94 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-File-Server-Entry-Enable
95 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-File-Server-Browsing-Enable
96 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forwarding-Enable
97 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Outlook-Exchange-Proxy-Enable
98 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forwarding-HTTP-Proxy
99 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Auto-Applet-Download-Enable
100 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Citrix-Metaframe-Enable
101 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Apply-ACL
102 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-SSL-VPN-Client-Enable
103 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-SSL-VPN-Client-Required
104 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-SSL-VPN-Client-Keep-Installation
105 integer
VENDORATTR 3076 Cisco-VPN-SVC-Keepalive
107 integer
VENDORATTR 3076 Cisco-VPN-SVC-DPD-Interval-Client
108 integer
VENDORATTR 3076 Cisco-VPN-SVC-DPD-Interval-Gateway
109 integer
VENDORATTR 3076 Cisco-VPN-SVC-Rekey-Time
110 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Deny-Message
116 string
VENDORATTR 3076 Cisco-VPN-Extended-Authentication-On-Rekey
122 integer
VENDORATTR 3076 Cisco-VPN-SVC-DTLS
123 integer
VENDORATTR 3076 Cisco-VPN-SVC-MTU
125 integer
VENDORATTR 3076 Cisco-VPN-SVC-Modules
127 string
VENDORATTR 3076 Cisco-VPN-SVC-Profiles
128 string
VENDORATTR 3076 Cisco-VPN-SVC-Ask
131 string
VENDORATTR 3076 Cisco-VPN-SVC-Ask-Timeout
132 integer
VENDORATTR 3076 Cisco-VPN-IE-Proxy-PAC-URL
133 string
VENDORATTR 3076 Cisco-VPN-Strip-Realm
135 integer
VENDORATTR 3076 Cisco-VPN-Smart-Tunnel
136 string
VENDORATTR 3076 Cisco-VPN-WebVPN-ActiveX-Relay
137 integer
VENDORATTR 3076 Cisco-VPN-Smart-Tunnel-Auto
138 integer
VENDORATTR 3076 Cisco-VPN-Smart-Tunnel-Auto-Signon-Enable
139 string
VENDORATTR 3076 Cisco-VPN-VLAN
140 integer
VENDORATTR 3076 Cisco-VPN-NAC-Settings
141 string
VENDORATTR 3076 Cisco-VPN-Member-Of
145 string
VENDORATTR 3076 Cisco-VPN-Tunnel-Group-Name
146 string
VENDORATTR 3076 Cisco-VPN-Client-Type
150 integer
VENDORATTR 3076 Cisco-VPN-Session-Type
151 integer
VENDORATTR 3076 Cisco-VPN-Session-Subtype
152 integer
VENDORATTR 3076 Cisco-VPN-Address-Pools
217 string
VENDORATTR 3076 Cisco-VPN-IPv6-Address-Pools
218 string
VENDORATTR 3076 Cisco-VPN-IPv6-VPN-Filter
219 string
VENDORATTR 3076 Cisco-VPN-Privilege-Level
220 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Macro-Value1
223 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Macro-Value2
224 string
I've changed Cisco-ASA- to Cisco-VPN- because they are also used by the
old VPN3000 concentrators and the old PIXen.
If you agree with the naming (straight from the Cisco docs) I'll also
add the individual values for each attribute (that will be another 500
lines or so).
>
>> [1]
>> http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDIQFjAA&url=http%3A%2F%2Fwww.open.com.au%2Fpipermail%2Fradiator%2F2003-October%2F008053.html&ei=LOksUebXOsvRsgaPpoDQCw&usg=AFQjCNGveQ6v-u4hYtw6RZA5hP8FD_TlUg&sig2=7pknyx-Cqi079pJBCP_SqA&bvm=bv.42965579,d.Yms&cad=rja
>> [2]
>> http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1753749
>> [3] http://www.networkworld.com/news/2000/0119cistiga.html
>>
>> --
>> Best regards, Alex
>>
>>
>>
>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
>> Handelsgericht Wien, FN 79340b
>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>> Notice: This e-mail contains information that is confidential and may be privileged.
>> If you are not the intended recipient, please notify the sender and then
>> delete this e-mail immediately.
>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>
More information about the radiator
mailing list