Ok I just found it: 24 groups max, for c2960x http://www.cisco.com/en/US/docs/switches/lan/catalyst2960x/software/15.0_2_EX/layer2/configuration_guide/b_lay2_152ex_2960-x_cg_chapter_010.html#con_1275881
Hello, I'm searching for two 48-port switches that support LACP cross-stacking with more than 8 groups (I need 10-12 groups). I need a switch with a fair price to do the LACP. Thanks a lot, Ludovic
Hello, does anybody know if I can set up a cross-stack LACP between two stacked C2960S-48TS-L (with the additional stack module)? If so, is there any limit (port or group limits)? Thanks a lot, Ludovic
Hi Herbert, thx for the answer. I have it, I just added in the radius class 25 attribute "OU=grouppolicyname;" i.e. for SSL only, in the radius class 25 attribute I have "OU=WebSSLGroup;CN=WebSSL_user;"
FYI, if you use IP-sec over L2TP you can try to activate the protocol MS-CHAP-V2 on the RA profile, and use the normal l2tp over ipsec client on the mac (not the IPSec for cisco). Hope this will help you.
Hello, I'm trying to block the L2TP over IPSEC, and allow Clientless VPN for a group from the Active Directory (with a radius server). But I've failed to deny the ipsec access... I have two groups that have different class 25 attributes: CN=IPSEC_user; CN=WebSSL_user; And I want to deny the ipsec access for CN=WebSSL_user but I want to allow this one to access Clientless SSL VPN! And vice versa for CN=IPSEC_user; For the group IPSEC_user there is no problem (I've disabled almost everything in a DAP), but for CN=WebSSL_user I don't know how to deny the IPSEC access.
Hello, I just created a remote access vpn on my ASA5510 "8.4(2)8". But I'm not sure the exception for the NAT is correct; it's working but it's more about the security (with the old version I used explicit exception rules). On the lan side there is a subnet (192.168.254.0/24) that is using dynamic nat for internet access. The network for remote access for vpn users is the following: 172.17.0.0/24. When the vpn users try to reach the subnet 192.168.254.0/24, they get the reverse path failure error. So I have added the following nat rule before the dynamic rule for internet access: nat (inside, outside) source static mysubnet mysubnet destination static RA_VPN_Network RA_VPN_Network Is it correct? No security hole?