VPN client and radius or CAR

Hello:

I am trying to set up remote access VPN on an IOS router with Cisco RADIUS or CAR.

The VPN client user needs to be authenticated by group ID and password, and user ID and password.

How should I set up CAR? Could someone provide me an example?

I saw this sample, but there is no relationship between user and group.

Any suggestions?

thx

[ //localhost/RADIUS/UserLists/Default/joe-coke ]
Name = joe-coke
Description =
Password = <encrypted>
AllowNullPassword = FALSE
Enabled = TRUE
Group~ =
BaseProfile~ =
AuthenticationScript~ =
AuthorizationScript~ =
UserDefined1 =

[ //localhost/RADIUS/UserLists/Default/group1 ]
Name = group1
Description =
Password = <encrypted> (would be "cisco")
AllowNullPassword = FALSE
Enabled = TRUE
Group~ =
BaseProfile~ = group1profile
AuthenticationScript~ =
AuthorizationScript~ =
UserDefined1 =

Define the group attributes such as pre-shared key, IP address pool name, etc. using Cisco AV-pairs:

[ //localhost/RADIUS/Profiles/group1profile/Attributes ]
cisco-avpair = ipsec:key-exchange=ike
cisco-avpair = ipsec:tunnel-password=cisco123
cisco-avpair = ipsec:addr-pool=pool1
Service-Type = Outbound

jawicks Thu, 04/24/2008 - 03:50

You can define the group locally on the router to define the values which the client will use to build the tunnel (pre-shared key, etc.). The client's username/pw can then be defined within the AAA server to allow access to the network once the tunnel has been established.

The link below should show how to set up the group config in IOS, and you should change the AAA method to point to radius instead of local to authenticate the client at your AAA server.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml
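
The split described in the reply above, as an added IOS configuration sketch (not taken from the original posts or the linked Cisco document). The names group1 and pool1 come from the question; the list names, crypto map names, interface, addresses and the two secret placeholders are assumptions.

```cisco
! Added example: group defined locally, user (Xauth) checked by RADIUS/CAR.
aaa new-model
! Xauth username/password (e.g. joe-coke) is sent to the RADIUS server
aaa authentication login userauthen group radius
! Group lookup (group1 and its key) stays on the router
aaa authorization network groupauthor local
!
! RADIUS server address is a documentation address (assumption)
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <RADIUS-SHARED-SECRET>
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group ID and group password entered in the VPN client
crypto isakmp client configuration group group1
 key <GROUP-PRE-SHARED-KEY>
 pool pool1
!
! Pool range is constructed for illustration
ip local pool pool1 10.10.10.1 10.10.10.50
!
crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set vpnset
!
! Tie Xauth to the RADIUS list and group lookup to the local list
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
! Outside interface name is an assumption
interface FastEthernet0/0
 crypto map clientmap
```

With this layout only the joe-coke user entry is consulted on CAR; the group1 user entry and group1profile from the question apply only if the group lookup is also pointed at RADIUS.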
