gfullage Wed, 03/03/2004 - 20:01
User Badges: Cisco Employee

I've helped customers set it up and yes, it does work. Basically you can assign attributes to users from your LDAP database; these override what is set on the concentrator. You don't have to define every attribute, so don't go and create this huge LDAP schema; only define the attributes you specifically want to define via LDAP and that should be enough.


You'll end up with something like this under a user profile:


CVPN3000-Access-Hours: Corporate_time

cVPN3000-Simultaneous-Logins: 2

cVPN3000-IPSec-Over-UDP: TRUE

CVPN3000-IPSec-Over-UDP-Port: 12125

cVPN3000-IPSec-Banner1: Welcome to the XYZ Corporation!!!

cVPN3000-Primary-DNS: 10.10.4.5

CVPN3000-Secondary-DNS: 10.11.12.7

CVPN3000-Primary-WINS: 10.20.1.44

CVPN3000-SEP-Card-Assignment: 1

CVPN3000-IPSec-Tunnel-Type: 2

CVPN3000-Tunneling-Protocols: 7

cVPN3000-Confidence-Interval: 300

cVPN3000-IPSec-Allow-Passwd-Store: TRUE

objectClass: cVPN3000-User-Authorization


The object class must be called "cVPN3000-User-Authorization" at the moment; it may be possible to change it in later code releases, but for now it has to be that.


A good way to start off is to just define the following:


cVPN3000-IPSec-Banner1: Hi there


and if the user gets that when they log in then you know your database is set up OK. After that it's just a matter of adding in whatever other attributes you want; they're all listed in the URL you posted initially.
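Added example, not part of the original post and not Cisco tooling: a small Python check that reads one user entry exported as simple one-line `name: value` LDIF, confirms the object class the post requires, and lists which cVPN3000 attributes the entry would override. The DN in the sample, the function names, and the choice to flag `cVPN3000-IPSec-Allow-Passwd-Store: TRUE` for review are assumptions made for this example.

```python
# Added example: audit one LDAP user entry for VPN 3000 authorization attributes.
REQUIRED_OBJECT_CLASS = "cvpn3000-user-authorization"  # name required per the post
PREFIX = "cvpn3000-"
# Assumption for this example: a setting a reviewer may want to look at twice.
REVIEW_IF = {"cvpn3000-ipsec-allow-passwd-store": "TRUE"}

# Constructed sample entry (attribute lines as in the post; the DN is made up).
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=people,dc=example,dc=com
objectClass: person
objectClass: cVPN3000-User-Authorization
cVPN3000-IPSec-Banner1: Hi there
cVPN3000-Simultaneous-Logins: 2
CVPN3000-Tunneling-Protocols: 7
cVPN3000-IPSec-Allow-Passwd-Store: TRUE
"""

def parse_entry(text):
    """Parse a simple LDIF entry into {lowercased attribute name: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        # LDAP attribute names are case-insensitive, so normalise the case.
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit_entry(text):
    """Return (overrides, findings) for one user entry."""
    entry = parse_entry(text)
    classes = [v.lower() for v in entry.get("objectclass", [])]
    overrides = {k: v[0] for k, v in entry.items() if k.startswith(PREFIX)}
    findings = []
    if REQUIRED_OBJECT_CLASS not in classes:
        findings.append("missing objectClass cVPN3000-User-Authorization")
    if not overrides:
        findings.append("no cVPN3000-* attributes: concentrator settings apply")
    for name, flagged in REVIEW_IF.items():
        if overrides.get(name, "").upper() == flagged:
            findings.append(f"review: {name} is {flagged}")
    return overrides, findings

if __name__ == "__main__":
    overrides, findings = audit_entry(SAMPLE_LDIF)
    for line in [f"override {k} = {v}" for k, v in sorted(overrides.items())] + findings:
        print(line)
```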
