On 2013-02-26 22:35, Heikki Vatiainen wrote:
> On 02/26/2013 07:04 PM, Alexander Hartmaier wrote:
>
>> After some googling I've found the answer to this question [1] asked on
>> this list in 2003 [2]
>> Seems Cisco ASAs, which were called PIX before, were called Altiga
>> before [3]
>>
>> The current dictionary that ships with Radiator has the attributes up to
>> number 137.
>> The names in the Cisco ASA doc have some common attributes but also
>> changed and new ones.
>> I'd replace all Altiga definitions with Cisco-ASA- attributes with their
>> names from the table in [2] and submit it to the list for replacement in
>> the default dictionary, does that sound sane after 13 years?
> Since the attributes are in use currently, the updated entries could be
> shipped at least as a separate dictionary file for those who need to use
> the latest definitions. I have also seen Altiga attributes used in
> current Cisco VPN deployments, so I think it would be a good idea to
> have the current definitions available too.

Yes, Cisco ASAs use the attributes defined in the document I've linked which use the Altiga VSA (3076) and not the Cisco VSA (9).
I'd move the legacy Altiga VSAs into a separate dictionary file in the goodies dir and put the current Cisco VSAs in the default dictionary file.

>
> If you have the entries, it would be good to see them and then consider
> what would be the best way to include them. If there are conflicting
> entries, then care would be needed when considering how to add them.
> Otherwise any users that may have equipment using them would have an
> unfortunate surprise.
>
> Thanks!
> Heikki

After an hour of typing I came up with this:

VENDORATTR 3076 Cisco-VPN-Access-Hours 1 string
VENDORATTR 3076 Cisco-VPN-Simultaneous-Logins 2 integer
VENDORATTR 3076 Cisco-VPN-Primary-DNS 5 ipaddr
VENDORATTR 3076 Cisco-VPN-Secondary-DNS 6 ipaddr
VENDORATTR 3076 Cisco-VPN-Primary-WINS 7 ipaddr
VENDORATTR 3076 Cisco-VPN-Secondary-WINS 8 ipaddr
VENDORATTR 3076 Cisco-VPN-SEP-Card-Assignment 9 integer
VENDORATTR 3076 Cisco-VPN-Tunneling-Protocols 11 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Sec-Association 12 string
VENDORATTR 3076 Cisco-VPN-IPsec-Authentication 13 string
VENDORATTR 3076 Cisco-VPN-Banner1 15 string
VENDORATTR 3076 Cisco-VPN-IPsec-Allow-Passwd-Store 16 integer
VENDORATTR 3076 Cisco-VPN-Use-Client-Address 17 integer
VENDORATTR 3076 Cisco-VPN-PPTP-Encryption 20 integer
VENDORATTR 3076 Cisco-VPN-L2TP-Encryption 21 integer
VENDORATTR 3076 Cisco-VPN-Group-Policy 25 string
VENDORATTR 3076 Cisco-VPN-IPsec-Split-Tunnel-List 27 string
VENDORATTR 3076 Cisco-VPN-IPsec-Default-Domain 28 string
VENDORATTR 3076 Cisco-VPN-IPsec-Split-DNS-Names 29 string
VENDORATTR 3076 Cisco-VPN-IPsec-Tunnel-Type 30 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Mode-Config 31 integer
VENDORATTR 3076 Cisco-VPN-IPsec-User-Group-Lock 33 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Over-UDP 34 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Over-UDP-Port 35 integer
VENDORATTR 3076 Cisco-VPN-Banner2 36 string
VENDORATTR 3076 Cisco-VPN-PPTP-MPPC-Compression 37 integer
VENDORATTR 3076 Cisco-VPN-L2TP-MPPC-Compression 38 integer
VENDORATTR 3076 Cisco-VPN-IPsec-IP-Compression 39 integer
VENDORATTR 3076 Cisco-VPN-IPsec-IKE-Peer-ID-Check 40 integer
VENDORATTR 3076 Cisco-VPN-IKE-Keep-Alives 41 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Auth-On-Rekey 42 integer
VENDORATTR 3076 Cisco-VPN-Required-Client-Firewall-Vendor-Code 45 integer
VENDORATTR 3076 Cisco-VPN-Required-Client-Firewall-Product-Code 46 integer
VENDORATTR 3076 Cisco-VPN-Required-Client-Firewall-Description 47 string
VENDORATTR 3076 Cisco-VPN-Require-HW-Client-Auth 48 integer
VENDORATTR 3076 Cisco-VPN-Required-Individual-User-Auth 49 integer
VENDORATTR 3076 Cisco-VPN-Authenticated-User-Idle-Timeout 50 integer
VENDORATTR 3076 Cisco-VPN-Cisco-IP-Phone-Bypass 51 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Split-Tunneling-Policy 55 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Required-Client-Firewall-Capability 56 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Client-Firewall-Filter-Name 57 string
VENDORATTR 3076 Cisco-VPN-IPsec-Client-Firewall-Filter-Optional 58 integer
VENDORATTR 3076 Cisco-VPN-IPsec-Backup-Servers 59 string
VENDORATTR 3076 Cisco-VPN-IPsec-Backup-Server-List 60 string
VENDORATTR 3076 Cisco-VPN-DHCP-Network-Scope 61 string
VENDORATTR 3076 Cisco-VPN-Intercept-DHCP-Configure-Msg 62 integer
VENDORATTR 3076 Cisco-VPN-MS-Client-Subnet-Mask 63 integer
VENDORATTR 3076 Cisco-VPN-Allow-Network-Extension-Mode 64 integer
VENDORATTR 3076 Cisco-VPN-Authorization-Type 65 integer
VENDORATTR 3076 Cisco-VPN-Authorization-Required 66 integer
VENDORATTR 3076 Cisco-VPN-Authorization-DN-Field 67 string
VENDORATTR 3076 Cisco-VPN-IKE-KeepAlive-Confidence-Interval 68 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Content-Filter-Parameters 69 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-URL-List 71 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forward-List 72 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Access-List 73 string
VENDORATTR 3076 Cisco-VPN-Cisco-LEAP-Bypass 75 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Homepage 76 string
VENDORATTR 3076 Cisco-VPN-Client-Type-Version-Limiting 77 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forwarding-Name 79 string
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Server 80 string
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Server-Policy 81 integer
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Exception-List 82 string
VENDORATTR 3076 Cisco-VPN-IE-Proxy-Bypass-Local 83 integer
VENDORATTR 3076 Cisco-VPN-IKE-Keepalive-Retry-Interval 84 integer
VENDORATTR 3076 Cisco-VPN-Tunnel-Group-Lock 85 string
VENDORATTR 3076 Cisco-VPN-Access-List-Inbound 86 string
VENDORATTR 3076 Cisco-VPN-Access-List-Outbound 87 string
VENDORATTR 3076 Cisco-VPN-Perfect-Forward-Secrecy-Enable 88 integer
VENDORATTR 3076 Cisco-VPN-NAC-Enable 89 integer
VENDORATTR 3076 Cisco-VPN-NAC-Status-Query-Timer 90 integer
VENDORATTR 3076 Cisco-VPN-NAC-Revalidation-Timer 91 integer
VENDORATTR 3076 Cisco-VPN-NAC-Default-ACL 92 string
VENDORATTR 3076 Cisco-VPN-WebVPN-URL-Entry-Enable 93 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-File-Access-Enable 94 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-File-Server-Entry-Enable 95 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-File-Server-Browsing-Enable 96 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forwarding-Enable 97 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Outlook-Exchange-Proxy-Enable 98 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Port-Forwarding-HTTP-Proxy 99 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Auto-Applet-Download-Enable 100 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Citrix-Metaframe-Enable 101 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Apply-ACL 102 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-SSL-VPN-Client-Enable 103 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-SSL-VPN-Client-Required 104 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-SSL-VPN-Client-Keep-Installation 105 integer
VENDORATTR 3076 Cisco-VPN-SVC-Keepalive 107 integer
VENDORATTR 3076 Cisco-VPN-SVC-DPD-Interval-Client 108 integer
VENDORATTR 3076 Cisco-VPN-SVC-DPD-Interval-Gateway 109 integer
VENDORATTR 3076 Cisco-VPN-SVC-Rekey-Time 110 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Deny-Message 116 string
VENDORATTR 3076 Cisco-VPN-Extended-Authentication-On-Rekey 122 integer
VENDORATTR 3076 Cisco-VPN-SVC-DTLS 123 integer
VENDORATTR 3076 Cisco-VPN-SVC-MTU 125 integer
VENDORATTR 3076 Cisco-VPN-SVC-Modules 127 string
VENDORATTR 3076 Cisco-VPN-SVC-Profiles 128 string
VENDORATTR 3076 Cisco-VPN-SVC-Ask 131 string
VENDORATTR 3076 Cisco-VPN-SVC-Ask-Timeout 132 integer
VENDORATTR 3076 Cisco-VPN-IE-Proxy-PAC-URL 133 string
VENDORATTR 3076 Cisco-VPN-Strip-Realm 135 integer
VENDORATTR 3076 Cisco-VPN-Smart-Tunnel 136 string
VENDORATTR 3076 Cisco-VPN-WebVPN-ActiveX-Relay 137 integer
VENDORATTR 3076 Cisco-VPN-Smart-Tunnel-Auto 138 integer
VENDORATTR 3076 Cisco-VPN-Smart-Tunnel-Auto-Signon-Enable 139 string
VENDORATTR 3076 Cisco-VPN-VLAN 140 integer
VENDORATTR 3076 Cisco-VPN-NAC-Settings 141 string
VENDORATTR 3076 Cisco-VPN-Member-Of 145 string
VENDORATTR 3076 Cisco-VPN-Tunnel-Group-Name 146 string
VENDORATTR 3076 Cisco-VPN-Client-Type 150 integer
VENDORATTR 3076 Cisco-VPN-Session-Type 151 integer
VENDORATTR 3076 Cisco-VPN-Session-Subtype 152 integer
VENDORATTR 3076 Cisco-VPN-Address-Pools 217 string
VENDORATTR 3076 Cisco-VPN-IPv6-Address-Pools 218 string
VENDORATTR 3076 Cisco-VPN-IPv6-VPN-Filter 219 string
VENDORATTR 3076 Cisco-VPN-Privilege-Level 220 integer
VENDORATTR 3076 Cisco-VPN-WebVPN-Macro-Value1 223 string
VENDORATTR 3076 Cisco-VPN-WebVPN-Macro-Value2 224 string

I've changed Cisco-ASA- to Cisco-VPN- because they are also used by the old VPN3000 concentrators and the old PIXen.
If you agree with the naming (straight from the Cisco docs) I'll also add the individual values for each attribute (that will be another 500 lines or so).

>
>> [1]
>> http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDIQFjAA&url=http%3A%2F%2Fwww.open.com.au%2Fpipermail%2Fradiator%2F2003-October%2F008053.html&ei=LOksUebXOsvRsgaPpoDQCw&usg=AFQjCNGveQ6v-u4hYtw6RZA5hP8FD_TlUg&sig2=7pknyx-Cqi079pJBCP_SqA&bvm=bv.42965579,d.Yms&cad=rja
>> [2]
>> http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1753749
>> [3] http://www.networkworld.com/news/2000/0119cistiga.html
>>
>> --
>> Best regards, Alex
>>
>> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
>> Handelsgericht Wien, FN 79340b
>> Notice: This e-mail contains information that is confidential and may be
>> privileged.
>> If you are not the intended recipient, please notify the sender and then
>> delete this e-mail immediately.
>> _______________________________________________
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
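
Added example, not part of the original thread and not Radiator's own code: a Python check for the conflict concern raised above, comparing an already-deployed dictionary with the proposed VENDORATTR 3076 entries before they are merged. The EXISTING lines (the Legacy-* names, the ipaddr type on 63 and the Banner1 entry at 14) are constructed for illustration; the PROPOSED lines are copied from the post.

```python
import re

# Layout used in the post: VENDORATTR <vendor-id> <name> <number> <type>
ENTRY = re.compile(r"^\s*VENDORATTR\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s*$")

# Constructed sample of an already-deployed dictionary (hypothetical entries).
EXISTING = """\
VENDORATTR 3076 Legacy-Access-Hours 1 string
VENDORATTR 3076 Cisco-VPN-Primary-DNS 5 ipaddr
VENDORATTR 3076 Cisco-VPN-Banner1 14 string
VENDORATTR 3076 Legacy-Subnet-Mask 63 ipaddr
"""
# Four of the entries proposed in the post.
PROPOSED = """\
VENDORATTR 3076 Cisco-VPN-Access-Hours 1 string
VENDORATTR 3076 Cisco-VPN-Primary-DNS 5 ipaddr
VENDORATTR 3076 Cisco-VPN-Banner1 15 string
VENDORATTR 3076 Cisco-VPN-MS-Client-Subnet-Mask 63 integer
"""

def parse_dictionary(text):
    """Map (vendor, number) -> (name, type) for every VENDORATTR line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            vendor, name, number, typ = m.groups()
            entries[(int(vendor), int(number))] = (name, typ)
    return entries

def find_conflicts(existing, proposed):
    """Return (kind, vendor, number, detail) where proposed disagrees with existing."""
    old_keys = {name: key for key, (name, _) in existing.items()}
    conflicts = []
    for key, (name, typ) in sorted(proposed.items()):
        if key in existing:
            old_name, old_type = existing[key]
            if old_type != typ:      # same code, values would be decoded differently
                conflicts.append(("retyped", *key, f"{old_name} {old_type} -> {name} {typ}"))
            elif old_name != name:   # same code, configs using the old name stop matching
                conflicts.append(("renamed", *key, f"{old_name} -> {name}"))
        elif name in old_keys:       # same name now points at a different code
            conflicts.append(("renumbered", *key, f"{name} was {old_keys[name]}"))
    return conflicts

if __name__ == "__main__":
    for c in find_conflicts(parse_dictionary(EXISTING), parse_dictionary(PROPOSED)):
        print(*c)
```

Entries reported as renamed matter for any user or reply-item configuration that still refers to the old name; retyped entries change how the value is encoded on the wire.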