freeradius and Cisco VPN IPSEC profiles authentication

Jevos, Peter Peter.Jevos at oriflame.com
Thu Nov 4 11:41:56 CET 2010


Hi, I tried to set up a configuration using different sources from the
web, but it's not easy.

I have a Cisco VPN access server with several IPSEC profiles (groups).
They should be authenticated against FreeRADIUS.

One profile, called Group1, should be authenticated against ntlm_auth_vpn
(already working), the others against vpn_auth_name.

So my users file is:

DEFAULT          Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
                Tunnel-Type = "ESP",
                Tunnel-Private-Group-ID = "Group1",
                Tunnel-Password = "cisco",
                Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
                Cisco-Avpair="ipsec:addr-pool=vpn_pool",
                Cisco-Avpair="ipsec:inacl=101",
                Cisco-Avpair="ipsec:key-exchange=ike",
                Cisco-Avpair="ipsec:key-exchange=preshared-key",
                Service-Type = Framed-User,
                Framed-Protocol = PPP,

DEFAULT        Auth-Type := vpn_auth_name, , NAS-IP-Address == 10.1.1.252
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Fall-Through = Yes

 

The point is that the group Group1 should be authenticated against
ntlm_auth_vpn, and the other groups against vpn_auth_name.

However, this config doesn't work; the debug looks strange (it takes only
the first Cisco Avpair attribute), so probably something is wrong in the config.

Thanks for your help

pet
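
An added example (not part of the original post, and not FreeRADIUS code): the symptom described above, where only the first Cisco-Avpair shows up, matches the users-file operator rules documented in `man users`, where a reply item written with `=` is added only if that attribute is not already in the reply, while `+=` always appends. The Python sketch below models those rules on a constructed entry based on the one in the post; all function names are hypothetical.

```python
import re

# Constructed sample modelled on the first entry in the post (layout normalised).
SAMPLE = '''\
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
    Tunnel-Type = "ESP",
    Cisco-Avpair = "ipsec:dns-servers=10.1.1.6 10.1.1.7",
    Cisco-Avpair = "ipsec:addr-pool=vpn_pool",
    Cisco-Avpair = "ipsec:inacl=101",
    Service-Type = Framed-User
'''

# One reply item per line: attribute, operator (+=, := or =), value, optional comma.
ITEM = re.compile(r'\s*([\w-]+)\s*(\+=|:=|=)\s*("[^"]*"|[^,\s]+)\s*,?\s*$')

def parse_reply_items(entry):
    """Return (attribute, operator, value) for each indented reply line."""
    items = []
    for line in entry.splitlines()[1:]:      # line 0 holds name + check items
        m = ITEM.match(line)
        if m:
            items.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return items

def build_reply(items):
    """Apply the reply-item operators in order and return the reply list."""
    reply = []
    for attr, op, value in items:
        present = any(a.lower() == attr.lower() for a, _ in reply)
        if op == '=' and present:
            continue                          # '=' adds only if the attribute is absent
        if op == ':=':                        # ':=' replaces existing instances
            reply = [(a, v) for a, v in reply if a.lower() != attr.lower()]
        reply.append((attr, value))           # '+=' always appends
    return reply

def dropped_items(items):
    """Reply items that '=' discards because the attribute already exists."""
    kept = build_reply(items)
    return [(a, v) for a, _, v in items if (a, v) not in kept]

def with_append(items, attr):
    """Same items, with every occurrence of `attr` switched to '+='."""
    return [(a, '+=' if a.lower() == attr.lower() else op, v) for a, op, v in items]
```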

 

 

 

 
