freeradius and Cisco VPN IPSEC profiles authentication

Alan DeKok aland at
Fri Nov 12 21:31:11 CET 2010

Jevos, Peter wrote:
> Thank you Alan , it makes sense. But it doesn't solve my problem

  (1) Edit your responses.  It shows consideration for other people

  (2) pick one problem at a time.  Changing "the problem" midway in a
conversation makes it look like you don't care about the solution to the
first problem.

> In my cisco configuration there is a group:
> crypto isakmp client configuration group vipgroup
> key xxxx
> dns
> wins
> pool vpn-vipgroup
> How could i ensure that this group with this parameters will be
> accesible only for the users from the domain vipdomainusers ( e.g.
> ntlm_auth_vipusers authentication) ?

  Go back and read my messages again.  Is there anything in the RADIUS
packet which will distinguish the different groups?  If not, you're out
of luck.

> The other groups configured on the same router will be accessible for
> any domain users ( but i cannot name hundreds domains in the freeradius
> config )
> point is that cisco radius doesn't send a group name ( vipgroup ) in the
> request to the radius server

  Go ask Cisco to fix their equipment.

  Alan DeKok.

More information about the Freeradius-Users mailing list