Cisco Support Community

cjw
New Member

Can RADIUS/IAS control if the user can split tunnel?

Hello--

I have a 2821 router configured with both LAN-to-LAN and remote access VPN functionality. Authentication is controlled by RADIUS/IAS on Windows 2003.

I know it is possible to set certain user characteristics within IAS. For example, when a user logs into the router, the privilege level they are given is based upon the user name and the Active Directory group to which they belong. IAS is configured to send a string (priv-lvl=15) to the router, setting the privilege level. Can this be done for split tunnels?

Because we have a large pool of laptops that are checked out by anyone, we really can't have multiple VPN groups on the router. I want the IT staff to be able to split tunnel, but not the other remote users. I presume there is some sort of string that I need to send to the router from IAS to use an ACL that is configured on the router for the split tunnel.

cjw
