10-27-2005 01:28 PM - edited 02-21-2020 10:13 AM
I'm trying to set up an 871 with 802.1x authentication for home users. The goal is to allow the employee's corporate laptop and IP Phone to communicate across a VPN connection, but unauthenticated users should only be allowed internet access.
Where I stand now is that authenticated users work as expected. The issue is that unauthenticated users are not allowed to access the network (VPN or Internet).
There are several documents on the Cisco site that explain how to do this (link below), but the configs don't seem to work. The examples are not using routers with integrated switches, so I'm thinking that may be the issue. Though I did find some references that made it sound like it should still work, so I still have some hope...
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a00801fdef9.shtml
Relevant portions of the config are attached...
11-03-2005 03:10 PM
I suggest you check your "split-tunnel" configuration at the EzVPN Server end. Make sure that only traffic that is destined to the corporate network is encrypted and the traffic to the Internet is not encrypted.
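The split-tunnel check suggested in the reply above, shown as an added example that is not part of the original thread or of the poster's attached config. It assumes a Cisco IOS EzVPN server; the group name, pool name, ACL number, key and the 10.0.0.0/8 corporate range are placeholders.

```text
! Constructed example for a Cisco IOS EzVPN server. HOME-USERS, HOME-POOL,
! ACL 150, the key and 10.0.0.0/8 are placeholders, not values from the thread.

! Without an "acl" line in the client group, the server pushes no
! split-tunnel list and the remote encrypts all traffic, Internet included:
crypto isakmp client configuration group HOME-USERS
 key <group-preshared-key>
 pool HOME-POOL

! With a split-tunnel ACL, only traffic to the listed corporate networks
! is encrypted; everything else leaves the remote router unencrypted:
access-list 150 permit ip 10.0.0.0 0.255.255.255 any
!
crypto isakmp client configuration group HOME-USERS
 key <group-preshared-key>
 pool HOME-POOL
 acl 150
```

On the remote router, `show crypto ipsec client ezvpn` lists the split-tunnel networks received from the server, which confirms whether the ACL was pushed.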
11-05-2005 10:12 AM
I am trying to do the same thing but using DMVPN versus EasyVPN. Again, I can get the workstation with a cert to authenticate and get an IP address on the corp network. However, the non-authenticated workstation cannot get an IP address from the other pool. I have opened several TAC cases and no one at Cisco seems to know anything about this router, nor are there any sample configs for it. I just don't think this feature is working yet. If anyone does have it working I would greatly appreciate some help.
Thanks