
flexvpn eap radius author attribute ?

collinsctk
Level 1

Below is the configuration from the Cisco guide:

aaa group server radius eap-server
 server 192.168.2.1
!
aaa authentication login eap-list group eap-server
!
crypto pki trustpoint trustpoint1
 enrollment url http://192.168.3.1:80
 revocation-check crl
!
crypto ikev2 profile ikev2-profile1
 match identity remote address 0.0.0.0
 authentication local rsa-sig
 authentication remote eap query-identity
 pki trustpoint trustpoint1
 aaa authentication eap eap-list
 virtual-template 1
!
crypto ipsec transform-set transform1 esp-aes esp-sha-hmac
!
crypto ipsec profile ipsec-profile1
 set transform-set trans transform1
 set ikev2-profile ikev2-profile1
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface Virtual-Template1 type tunnel
 ip unnumbered Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ipsec-profile1
!
radius-server host 192.168.2.1 key key1

-----------------------------------------------------------------------------------

But I cannot connect to this Flex server from Windows 7. From the debug, I know that author failed. How do I configure ACS to author an IP address to the remote client (Win7)? I only want to know the RADIUS attribute ID and value!

1 Reply

Herbert Baerten
Cisco Employee

Hello Ke,

not sure if you still need help with this, but just in case (or if anyone else arrives here with the same question):

This page describes all the Radius attributes you can use with Flex VPN:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-apx-flex-rad.html

For your specific question, the ipv4 address is pushed using the attribute Framed-IP-Address (IETF #8).

An IPv6 address can be pushed using the following Cisco vendor-specific attribute (Cisco AV-pair):

cisco-avpair="ipsec:addrv6=ipv6-addr"

hth

Herbert
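
As an added example (not part of the reply above, and not Cisco code): the two attributes named in the reply, encoded as RADIUS attribute bytes per RFC 2865, which is what to look for in the Access-Accept when checking why authorization fails. The addresses 10.0.0.10 and 2001:db8::10 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

FRAMED_IP_ADDRESS = 8   # IETF attribute #8, as named in the reply
VENDOR_SPECIFIC = 26    # IETF container for vendor attributes (RFC 2865)
CISCO_VENDOR_ID = 9     # Cisco's IANA enterprise number
CISCO_AVPAIR = 1        # Cisco vendor type 1 carries cisco-avpair strings


def tlv(attr_type: int, value: bytes) -> bytes:
    """One attribute: 1-byte type, 1-byte length (header included), value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value exceeds 253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def framed_ip_address(addr: str) -> bytes:
    """Framed-IP-Address: the IPv4 address as 4 bytes in network order."""
    return tlv(FRAMED_IP_ADDRESS, ipaddress.IPv4Address(addr).packed)


def cisco_avpair(pair: str) -> bytes:
    """Vendor-Specific (26) wrapping vendor id 9 and a type-1 sub-attribute."""
    sub = tlv(CISCO_AVPAIR, pair.encode("ascii"))
    return tlv(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)


def decode(blob: bytes) -> list:
    """Walk attribute bytes and return (name, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if len(blob) - i < 2 or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute length")
        t, value = blob[i], blob[i + 2:i + blob[i + 1]]
        vendor = struct.pack("!I", CISCO_VENDOR_ID) + bytes([CISCO_AVPAIR])
        if t == FRAMED_IP_ADDRESS and len(value) == 4:
            out.append(("Framed-IP-Address", str(ipaddress.IPv4Address(value))))
        elif t == VENDOR_SPECIFIC and len(value) >= 6 and value[:5] == vendor:
            out.append(("cisco-avpair", value[6:4 + value[5]].decode("ascii")))
        else:
            out.append((f"attr-{t}", value.hex()))
        i += blob[i + 1]
    return out


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    attrs = framed_ip_address("10.0.0.10") + cisco_avpair("ipsec:addrv6=2001:db8::10")
    print(attrs.hex())
    print(decode(attrs))
```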