radius ipsec vsas

Unanswered Question
May 17th, 2008
User Badges:


I use a freeradius server to authenticate cisco VPN software clients with Xauth.

For now, a single user must match his single easyvpn group name with this vsa

"ipsec:user-vpn-group=<group name>"

Is it possible to allow a user to match multiple groups ?

To achieve this, may I have multiple vsa "ipsec:user-vpn-group=<group 1>"

"ipsec:user-vpn-group=<group 2>"


"ipsec:user-vpn-group=<group N>"

or a vsa like this:

"ipsec:user-vpn-group=<group 1> <group 2> ... <group N>"

another question :

I would like to push a different login banner from Radius server to easvpn clients (across an IOS 12.4 easyvpn router) which appears when they connect successfully.

Is there a radius attribute or a Cisco VSA to achieve this ?

Cisco VSA documents are quite difficult to find and are sometimes deprecated (IOS

11 or 12),so I ask details on this forum.

Thanks for help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion