Does anybody authenticate VPN Cisco clients against Freeradius?

Unanswered Question
Jul 15th, 2010

Hi friends

I have AAA running against IAS and I want to move to Freeradius.

What I was not able to solve is the Freeradius part.

I know that this is probably a question for the Freeradius mailing list, but I was not able to find an answer there.

I have ntlm_auth running against AD, and I can authenticate to get level 15 on the router.

But I don't know how to configure Freeradius to authenticate VPN Cisco clients. They're authenticated with domainname\username and password.

My current users file contains:

user   Auth-Type := ntlm_auth
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

Can somebody please help me with the Freeradius configuration for Cisco VPN clients?

Thanks a lot


care_cisco Fri, 07/16/2010 - 11:58

Based on the radius group, you can differentiate it based on the attribute

webvpn:user-vpn-group="group name"

where this group is on the termination device (router, asa) and it says what rights the "group name" will have.

For example, I do it to differentiate between two different sets of clients, say A - group A on radius --- these are passed on with the attribute X when successfully authenticated. Now what this X means can be defined on the router, e.g. they have access to a single page or they have full tunnel access, etc.

