Jérôme,
as far as I am aware this is not possible using a PIX with
certificates and vpngroups (my implementation). If you find out otherwise I
would really appreciate it if you could forward any information. I know
this definitely can't be done if you use vpngroups and certificates - any
solution will need to be without either certs (phase 1 authentication) or
vpngroups or both. I would dearly love to be wrong if someone knows of a
way this can be done.
Regards,
John.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jerome
hebert
Sent: Wednesday, March 05, 2003 5:49 AM
To: [EMAIL PROTECTED]
Subject: PIX VPN Radius attributes
Hi,
On a Cisco PIX Firewall, I'm using the Cisco VPN client to provide VPN
access. Below is an extract of the configuration:
ip local pool vpnxpool 192.168.172.10-192.168.172.200
access-list vpn-access permit ip x.x.x.x x.x.x.x 192.168.172.0 255.255.255.0
vpngroup vpnx address-pool vpnxpool
vpngroup vpnx dns-server x.x.x.x
vpngroup vpnx wins-server x.x.x.x
vpngroup vpnx default-domain xx
vpngroup vpnx idle-time 1800
vpngroup vpnx password x
vpngroup vpnx split-tunnel vpn-access
I'm using Freeradius to authenticate the users.
Does anybody know how I can have FreeRadius return to the PIX the
following vpngroup attributes: "address-pool", "dns-server", "wins-server",
"default-domain", "split-tunnel" so that I can have different user
profiles in the same vpngroup?
What attributes should the Radius server return to the PIX?
What are the Radius attributes supported by the PIX?
Regards,
Jérôme.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html