I'm a bit stumped trying to find the proper information, or rather a guide, to understand how to configure authorization for IPSec remote VPN on an IOS router. Some Cisco configuration examples say it should be as follows:
aaa authorization network SOMENAME local
crypto map CLIENTMAP isakmp authorization list SOMENAME
How does it work in the first place if I don't use the local database for authentication requests?
There's a RADIUS group configured on the router, and users successfully authenticate against the external identity store.
aaa authentication login VPNUSERAUTHEN group radius
aaa authorization exec default local
aaa authorization network VPNGROUPAUTHOR local
crypto map CLIENTMAP client authentication list VPNUSERAUTHEN
crypto map CLIENTMAP isakmp authorization list VPNGROUPAUTHOR
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 1 ipsec-isakmp dynamic DYNMAP
Why do we have to use the local database for authorization? If I want to use a list associated with the RADIUS server, what return attributes will I need to configure in the RADIUS profile?
Can someone refer me to the proper documentation elaborating how everything ties up together?