Jérôme, as far as I am aware this is not possible using a PIX with certificates and vpngroups (my implementation). If you find out otherwise I would really appreciate it if you could forward any information. I know this definately can't be done if you use vpngroups and certificates - any solution will need to be without either certs (phase 1 authentication) or vpngroups or both. I would dearly love to be wrong if someone knows of a way this can be done.
Regards, John. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jerome hebert Sent: Wednesday, March 05, 2003 5:49 AM To: [EMAIL PROTECTED] Subject: PIX VPN Radius attributes Hi, On a Cisco PIX Firewall, I'm using the Cisco VPN client to provide VPN access. Below is an extract of the configuration: ip local pool vpnxpool 192.168.172.10-192.168.172.200 access-list vpn-access permit ip x.x.x.x x.x.x.x 192.168.172.0 255.255.255.0 vpngroup vpnx address-pool vpnxpool vpngroup vpnx dns-server x.x.x.x vpngroup vpnx wins-server x.x.x.x vpngroup vpnx default-domain xxxxxxxxxx vpngroup vpnx idle-time 1800 vpngroup vpnx password xxxxx vpngroup vpnx split-tunnel vpn-access I'm using Freeradius to authenticate the users. Does anybody knows how I can have FreeRadius to return to the PIX the following vpngroup attributes: "address-pool", "dns-server", "wins-server", "default-domain", "split-tunnel" so that I can have differents users profile in the same vpngroup ? What attributes the Radius server should return to the PIX ? What are the Radius attributes supported by the PIX ? Regards, Jérôme. _____________________________________________________________________ Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html