We for example have a pair of Cisco IOS routers with multiple vrf's
(usually one per customer) where client vpn's terminate, one xauth group
per customer and this authorization requests makes sure that a user of
customer1 can't connect with another group.
On 2013-11-07 18:57, Michael wrote:
> what
It seems you don't understand the importance of those *authorization*
requests: without them every user could authenticate against *every*
xauth group you've configured!
On 2013-11-07 18:20, Michael wrote:
> so you are talking about actually authenticating these requests
> successfully where i'm l
My memory might be wrong on the order of requests.
Our radiator config is as follows:
# handler for vpn group-users
# those group users are also stored in our database but with a different
type, all have the password 'cisco'
# the reply attributes are group specific, e.g.:
Session-Timeout=0
Fram
Yes, a Cisco IOS router configured to terminate IPSec IKEv1 client vpn
will send such an authorization request after the user auth to check if
the user is allowed to connect using this group.
On 2013-11-07 06:04, Hugh Irvine wrote:
> Hello Michael -
>
> This is configured on the Cisco box - you wi
Hello Michael -
This is configured on the Cisco box - you will need to ask your network people
to turn it off.
regards
Hugh
On 7 Nov 2013, at 10:05, Michael wrote:
> i'm looking to stop it. not set it up. i'm not sure what had
> enabled/configured it to start happening. I guess this is
i'm looking to stop it. not set it up. i'm not sure what had
enabled/configured it to start happening. I guess this is probably the
wrong place to ask.
On 06/11/13 04:56 PM, Hugh Irvine wrote:
> Hello Michael -
>
> This sounds like Cisco VPDN tunnelling.
>
> This example is from the standard “
Hello Michael -
This sounds like Cisco VPDN tunnelling.
This example is from the standard “users” file in the Radiator distribution:
# This example shows how to configure a Cisco VPDN circuit:
open.com.au User-Password=cisco, Service-Type=Outbound-User
cisco-avpair = "vpdn:tunnel-i
