Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
15
Helpful
6
Replies

Distribute VPN Client

dianewalker
Level 1
Level 1

‎05-19-2006 11:48 AM - edited ‎02-21-2020 12:54 AM

How do you normally distribute VPN IPSEC Client? We have many different VPN groups with different access. We setup authentication through RADIUS. We have been e-mailing the users the VPN client and the PCF file. Please let me know if you have any questions or need additional information.

Thanks.

0 Helpful
6 Replies 6

a.hajhamad
Level 4
Level 4

‎05-20-2006 11:49 AM

Hi,

There is a RADIUS attribute called [25] Class and you can enfore VPN clients (PPTP & WebVPN) by which group you need, for example,

[25] Class, and use "ou="group-name";".

I used this attribute for PPTP and WEBVPN or SSL, but i didn't test it against IPSec VPN client, since the VPN client knows which group will be used.

Anyway, i will test it and update you.

Abd ALqader

a.hajhamad
Level 4
Level 4
In response to a.hajhamad

‎05-20-2006 09:33 PM

Hi again,

Yes, it is ok for IPSec VPN clients also, you can set this RADIUS attribute to enforce VPN clients for the group you need.

Please rate if it does!

Abd Alqader

0 Helpful

dianewalker
Level 1
Level 1
In response to a.hajhamad

‎05-21-2006 05:03 AM

Abd,

Thanks for your response. How do you normally distribute the VPN client to remote users? Do you email them the VPN client? Thanks.

0 Helpful

a.hajhamad
Level 4
Level 4
In response to dianewalker

‎05-21-2006 10:51 AM

Hi,

If you mean VPN client Config. you can configure your VPN client and send the config file "*.pcf".

If you mean the Cisco VPN client, they have to install it first by you or remotely (maybe you can make an FTP server and put it there to your employees), or "if diffucult" you can enforce them to use windows VPN access "PPTP" or WebVPN untill you can install it later.

Abd Alqader

dianewalker
Level 1
Level 1
In response to a.hajhamad

‎05-22-2006 05:03 PM

Abd,

Thanks for your response. Your instructions work to setup groups. I have another question. Besides the RADIUS attribute Class (25), what other attributes that you also use on the RADIUS server? Is there a Cisco documentation that would explain what other attributes that you can put on the RADIUS server? I see many attributes on the RADIUS server, but don't know how to use them. Please let me know if my question is not clear.

Thanks.

0 Helpful

a.hajhamad
Level 4
Level 4
In response to dianewalker

‎05-22-2006 09:33 PM

For me, i'm using this attribute only since i'm concern about how to distribute VPN clients to groups in the VPN box.

I think this document list other RADIUS attributes used with ACS

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00802335ea.html

Regards

Abd Alqader

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card