I am about to setup a couple of branch office sites connected to the corporate network thru Easy VPN Remote Access. I will be using a PIX501 at the VPN client side and a VPN3030 Concentrator at server side.
My question is, can I use our Cisco Secure RADIUS server to setup GROUPS or am I bound to use groups internally configured in the Concentrator?
Theoretically I belive I can but I lack the "Allow Network Extension"-check box when configuring groups in ACS so I´m not sure.
The ACS SW version is v 3.0.
Thanx in advance.
Thank you for taking your time to answer!
Yes, that´s how I plan to set it up but my worries now is to locate the RADIUS group attribute that specifies that Network Extension Mode is allowed.
It´s not in the list of available attributes in our Cisco ACS 3.0.
Appearantly the attribute has been lost sometime during the compilation of the ACS.
I recieved this answer from Pete Davis in an "Ask the expert" thread in another forum here on Cisco:
psd - CISCO SYSTEMS
Jan 20, 2004, 12:12pm PST
Unfortunately this attribute seems to have been missed while compiling the list of available attributes. My suggestion would be to open up a TAC case so that a bug can filed against Cisco Secure ACS. Engineering can then work with your TAC engineer to help provide you with a fix.