Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

radius ipsec vsas

Hello,

I use a freeradius server to authenticate cisco VPN software clients with Xauth.

For now, a single user must match his single easyvpn group name with this vsa

"ipsec:user-vpn-group=<group name>"

Is it possible to allow a user to match multiple groups ?

To achieve this, may I have multiple vsa "ipsec:user-vpn-group=<group 1>"

"ipsec:user-vpn-group=<group 2>"

...

"ipsec:user-vpn-group=<group N>"

or a vsa like this:

"ipsec:user-vpn-group=<group 1> <group 2> ... <group N>"

another question :

I would like to push a different login banner from Radius server to easvpn clients (across an IOS 12.4 easyvpn router) which appears when they connect successfully.

Is there a radius attribute or a Cisco VSA to achieve this ?

Cisco VSA documents are quite difficult to find and are sometimes deprecated (IOS

11 or 12),so I ask details on this forum.

Thanks for help

131
Views
0
Helpful
0
Replies
CreatePlease to create content