EzVPN in NEM + ACS

Blixten · ‎01-16-2004

Hi!

I am about to setup a couple of branch office sites connected to the corporate network thru Easy VPN Remote Access. I will be using a PIX501 at the VPN client side and a VPN3030 Concentrator at server side.

My question is, can I use our Cisco Secure RADIUS server to setup GROUPS or am I bound to use groups internally configured in the Concentrator?

Theoretically I belive I can but I lack the "Allow Network Extension"-check box when configuring groups in ACS so I´m not sure.

The ACS SW version is v 3.0.

Thanx in advance.

jsivulka · ‎01-22-2004

The group names need to be configured locally. The RADIUS server can then be configured with the group permissions.

Blixten · ‎01-22-2004

Thank you for taking your time to answer!

Yes, that´s how I plan to set it up but my worries now is to locate the RADIUS group attribute that specifies that Network Extension Mode is allowed.

It´s not in the list of available attributes in our Cisco ACS 3.0.

Blixten · ‎01-22-2004

Appearantly the attribute has been lost sometime during the compilation of the ACS.

I recieved this answer from Pete Davis in an "Ask the expert" thread in another forum here on Cisco:

psd - CISCO SYSTEMS

Jan 20, 2004, 12:12pm PST

Unfortunately this attribute seems to have been missed while compiling the list of available attributes. My suggestion would be to open up a TAC case so that a bug can filed against Cisco Secure ACS. Engineering can then work with your TAC engineer to help provide you with a fix.