radius ipsec vsas

Unanswered Question
May 17th, 2008

Hello,

I use a freeradius server to authenticate cisco VPN software clients with Xauth.

For now, a single user must match his single easyvpn group name with this vsa

"ipsec:user-vpn-group=<group name>"

Is it possible to allow a user to match multiple groups ?

To achieve this, may I have multiple vsa "ipsec:user-vpn-group=<group 1>"

"ipsec:user-vpn-group=<group 2>"

...

"ipsec:user-vpn-group=<group N>"

or a vsa like this:

"ipsec:user-vpn-group=<group 1> <group 2> ... <group N>"

another question :

I would like to push a different login banner from Radius server to easvpn clients (across an IOS 12.4 easyvpn router) which appears when they connect successfully.

Is there a radius attribute or a Cisco VSA to achieve this ?

Cisco VSA documents are quite difficult to find and are sometimes deprecated (IOS

11 or 12),so I ask details on this forum.

Thanks for help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion