MSFC not applying Radius attribute 11 to client VPN connections

mflanigan
Level 1

I have an MSFC with 12.2(18)SXF6 and a VPNSM configured for RADIUS authentication and authorization. In the attachment, I can see the filter-id sent, but when I connect, I can still ping addresses other than those in 10.1.x.x, which the ACL should disallow. TAC has told me to use aaa authorization configuration default, but I wonder if I should use aaa authorization network default instead. Is there any other reason why the MSFC would not apply the filter to a VPN client connection? Thanks.

1 Reply

mflanigan
Level 1

One interesting thing I note is that if I set the filter id to clientacl.in, the connection fails, even though the RADIUS debug indicates an access-accept back from the server. This indicates that the MSFC is doing something with the attribute, but isn't filtering traffic.

BTW, the RADIUS server is RSA, if that matters.