Wanted: Radius Cisco VSA for Split Tunneling on IOS Client
i'm currently configuring some Cisco 800 as EZVPN Clients, the server will be a 2821. We want to setup the server in a way that no client-specific configuration is needed there (because this is a service provider environment). So authentication (xauth) and isakmp authorization (preshared keys) are done agains a RADIUS server (freeradius).
This EZVPN setup works fine, however what we also want to achieve is split tunneling for the clients. That would mean configuring a split tunneling ACL and pushing it towards the client during mode config. As the clients will have different private address spaces we do not want to have client specific configuration on the gateway, instead we also want to get this information from the RADIUS server. Thus we need the appropriate cisco-avpairs.
Does anyone know which avpair to use for this purpose? Note it's not enough to push the ACL number and have the ACL configured on the server (i think thats possible for ASA/VPN3k), we need to get the ACL from the radius.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...