freeradius and Cisco VPN IPSEC profiles authentication
Jevos, Peter
Peter.Jevos at oriflame.com
Thu Nov 4 11:41:56 CET 2010
Hi, I tried to set up a configuration from different sources on the
web, but it's not easy.
I have a Cisco VPN access server where there are multiple IPSEC profiles (groups).
They should be authenticated against FreeRADIUS.
One profile called Group1 should be authenticated against ntlm_auth_vpn
(already working), the others against vpn_auth_name.
So my users file is:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
        Tunnel-Type = "ESP",
        Tunnel-Private-Group-ID = "Group1",
        Tunnel-Password = "cisco",
        Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
        Cisco-Avpair="ipsec:addr-pool=vpn_pool",
        Cisco-Avpair="ipsec:inacl=101",
        Cisco-Avpair="ipsec:key-exchange=ike",
        Cisco-Avpair="ipsec:key-exchange=preshared-key",
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
DEFAULT Auth-Type := vpn_auth_name, , NAS-IP-Address == 10.1.1.252
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Fall-Through = Yes
The point is that the group Group1 should be authenticated against
ntlm_auth_vpn, other groups against vpn_auth_name.
However, this config doesn't work; the debug looks strange (it takes only the first
Cisco Avpair attribute), so probably something is wrong in the config.
Thanks for your help,
pet
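
Added note, not part of the original message: a simplified Python model of the reply-item operators documented in the FreeRADIUS users(5) man page ('=' adds an attribute only if none of that name is in the reply yet, ':=' replaces, '+=' always appends), run over the reply items posted above. It is not FreeRADIUS code; the function names and the copied sample are constructed for illustration.

```python
import re

# Constructed sample: reply items of the first DEFAULT entry, copied from the post.
REPLY_ITEMS = '''\
Tunnel-Type = "ESP",
Tunnel-Private-Group-ID = "Group1",
Tunnel-Password = "cisco",
Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
Cisco-Avpair="ipsec:addr-pool=vpn_pool",
Cisco-Avpair="ipsec:inacl=101",
Cisco-Avpair="ipsec:key-exchange=ike",
Cisco-Avpair="ipsec:key-exchange=preshared-key",
Service-Type = Framed-User,
Framed-Protocol = PPP,
'''
# Same items with the repeated attribute switched to the append operator.
APPENDED = REPLY_ITEMS.replace('Cisco-Avpair=', 'Cisco-Avpair += ')

ITEM = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(\+=|:=|=)\s*(.+?)\s*(,?)\s*$')

def parse_items(text):
    """Return ([(attr, op, value)], [warnings]) for a block of reply items."""
    items, warnings = [], []
    lines = [l for l in text.splitlines() if l.strip()]
    for n, line in enumerate(lines, 1):
        m = ITEM.match(line)
        if not m:
            warnings.append(f"line {n}: cannot parse {line!r}")
            continue
        attr, op, value, comma = m.groups()
        items.append((attr, op, value.strip('"')))
        if n == len(lines) and comma:
            warnings.append(f"line {n}: trailing comma after the last reply item")
    return items, warnings

def build_reply(items):
    """Apply the documented reply-item semantics of '=', ':=' and '+='."""
    reply = []
    for attr, op, value in items:
        same = [a for a, _ in reply if a.lower() == attr.lower()]
        if op == '=' and same:
            continue  # '=' is skipped when the attribute already exists
        if op == ':=':
            reply = [(a, v) for a, v in reply if a.lower() != attr.lower()]
        reply.append((attr, value))
    return reply

def avpairs(text):
    """Cisco-Avpair values that end up in the reply for the given items."""
    return [v for a, v in build_reply(parse_items(text)[0]) if a.lower() == 'cisco-avpair']

print(avpairs(REPLY_ITEMS), avpairs(APPENDED), parse_items(REPLY_ITEMS)[1], sep='\n')
```

With `=`, only the first Cisco-Avpair reaches the reply, which matches the symptom described in the message; with `+=` all five do. The warning flags the comma after the last reply item, which tells the parser that another item follows.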