Cisco Support Community
Community Member

IAS server authenticating multiple tunnel types


I've got an interesting problem with my current VPN setup.

The setup is a VPN concentrator with a public and an external interface terminating all VPN connections.

Currently there are 5 users (general managers) who use PPTP to connect to the network from anywhere. They connect through the public interface from the internet to the VPN concentrator and are authenticated by an internal MS IAS server. I now have numerous users who want to use IPSec VPN terminating on the external interface. Whilst testing, the admin who looks after the IAS server is unable to determine which connection the tunnel request is coming from, i.e. whether it's a PPTP user accessing via the internet or an IPSec user accessing via the private IP network.

Is there any way that, on the initial RADIUS Access-Request message, I can pass the client IP address so I can determine whether it's a PPTP tunnel or an IPSec tunnel? Or can I pass anything to the internal IAS server to distinguish where the connection originates?

The reason for this is that they currently only have one remote access group configured internally and don't want anyone who will be given IPSec access to get PPTP access by default.

Thanks in advance.



Re: IAS server authenticating multiple tunnel types


I don't know of any way to do that and have a feeling that you'll have to end up setting the PPTP users to the local database on your concentrator, or use Cisco's ACS server in order to get that kind of granularity.
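
An added example, not part of either post: a decoder for the RADIUS Access-Request discussed in the question, pulling out the RFC 2865/2868 attributes (NAS-IP-Address, NAS-Port-Type, Calling-Station-Id, Tunnel-Type) that could tell the two connection types apart if the concentrator sends them. The sample packet, user name and addresses are constructed, and which attributes this concentrator actually sends is an assumption to check against a real capture.

```python
import socket
import struct

# Attribute numbers from RFC 2865 / RFC 2868; values the server could match on.
NAMES = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
         31: "Calling-Station-Id", 61: "NAS-Port-Type", 64: "Tunnel-Type"}
TUNNEL_TYPES = {1: "PPTP", 3: "L2TP", 9: "ESP"}  # subset of RFC 2868 values

def parse_access_request(packet: bytes) -> dict:
    """Return the attributes of interest from a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        value, name = packet[pos + 2:pos + a_len], NAMES.get(a_type)
        pos += a_len
        if name is None:
            continue  # skip everything else, including User-Password
        if a_type == 4 and len(value) == 4:
            attrs[name] = socket.inet_ntoa(value)
        elif a_type in (5, 61) and len(value) == 4:
            attrs[name] = int.from_bytes(value, "big")
        elif a_type == 64 and len(value) == 4:  # 1-byte tag + 3-byte value
            number = int.from_bytes(value[1:], "big")
            attrs[name] = TUNNEL_TYPES.get(number, number)
        else:
            attrs[name] = value.decode("ascii", "replace")
    return attrs

def _attr(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value

def build_sample() -> bytes:
    """Constructed Access-Request for a PPTP login (not a real capture)."""
    body = (_attr(1, b"gm1") + _attr(4, socket.inet_aton("192.0.2.10"))
            + _attr(61, struct.pack("!I", 5)) + _attr(64, b"\x00\x00\x00\x01")
            + _attr(31, b"198.51.100.7"))
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(parse_access_request(build_sample()))
```

Feed it the UDP payload of a request captured on the IAS server's interface; any attribute missing from the output was not in the packet, so a policy cannot match on it.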

