freeradius and Cisco VPN IPSEC profiles authentication

Jevos, Peter Peter.Jevos at
Thu Nov 4 11:41:56 CET 2010

Hi , I tried to setup configuration from different sources from  the
web, but it's not easy


I have cisco vpn access server where are more IPSEC proflles ( groups ).
They should be authenticated against Freeradius.

One profile called Group1 should be authenticated against ntlm_auth_vpn
( already working), others against vpn_auth_name


So my Users file is:


DEFAULT          Auth-Type := ntlm_auth_vpn, NAS-IP-Address ==

                Tunnel-Type = "ESP",

                Tunnel-Private-Group-ID = "Group1",

                Tunnel-Password = "cisco",






                Service-Type = Framed-User,

                Framed-Protocol = PPP,



DEFAULT        Auth-Type := vpn_auth_name, , NAS-IP-Address ==

                          Service-Type = Framed-User,

                         Framed-Protocol = PPP,

                         Fall-Through = Yes


Point is that the group Group1 should be authenticated against
ntlm_auth_vpn, other groups against vpn_auth_name


However this config doesn't work, debug lokks strange ( takes only first
Cisco Avpair attribute ), probably something wrong In the config


Thanks fro your help







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list