
How to configure Easy VPN Server + downloadable ACL

josedunet
Beginner

Hi all

I want to know how to configure Easy VPN server with downloadable ACLs on a Cisco 2811 router.

Indeed, I would like to set up a remote access VPN that uses RADIUS for authentication of VPN clients. The RADIUS server is connected to an Active Directory server that contains the login / password. Based on the user who connects to the VPN, I would like the ACL that defines the services or servers this user can access to be applied automatically on the router and define the rights of the users.

How can I do this?

Thank you in advance.

1 REPLY

wzhang
Cisco Employee

Hi,

Yes, you could do this by using any standard RADIUS server. What you need to do is:

1. Configure ezvpn using dynamic VTI, so that a virtual access interface is created when the user connects.

2. Enable network authorization using RADIUS for ezvpn; this would allow the per-user attributes to be applied to the virtual access interface for the user.

3. Configure the RADIUS server for the user profile using the Cisco avpair (RADIUS attribute type 26, vendor ID 9, vendor type 1). The avpair to be used is ipsec:inacl=xxx.

For more details, please see:

http://www.cisco.com/en/US/partner/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_srvr_ps10592_TSD_Products_Configuration_Guide_Chapter.html#wp1519508

Hope this helps.

Thanks,

Wen
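Added example, not part of the reply above or any Cisco code: a small Python check for step 3 that encodes and decodes the RADIUS vendor-specific attribute (type 26, vendor ID 9, vendor type 1) and extracts the `ipsec:inacl=` value, which helps confirm from a captured Access-Accept that the server returns the per-user ACL reference you expect. The function names and the ACL name `VPN-SALES-IN` are constructed for illustration; the byte layout follows RFC 2865.

```python
CISCO_VENDOR_ID = 9   # vendor ID named in the reply
VSA_TYPE = 26         # RADIUS Vendor-Specific attribute
CISCO_AVPAIR = 1      # vendor type 1 carries the avpair string

def encode_cisco_avpair(avpair):
    """Encode one avpair string as a type-26 attribute (RFC 2865 layout)."""
    value = avpair.encode("ascii")
    sub = bytes([CISCO_AVPAIR, 2 + len(value)]) + value
    body = CISCO_VENDOR_ID.to_bytes(4, "big") + sub
    if 2 + len(body) > 255:
        raise ValueError("attribute exceeds the 255-byte RADIUS limit")
    return bytes([VSA_TYPE, 2 + len(body)]) + body

def cisco_avpairs(attrs):
    """Walk a RADIUS attribute block and return every Cisco avpair string."""
    found, i = [], 0
    while i < len(attrs):
        a_len = attrs[i + 1] if i + 1 < len(attrs) else 0
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad or truncated attribute")
        a_type, value = attrs[i], attrs[i + 2:i + a_len]
        i += a_len
        if a_type != VSA_TYPE or len(value) < 6:
            continue
        if int.from_bytes(value[:4], "big") != CISCO_VENDOR_ID:
            continue
        j = 4
        while j + 2 <= len(value):      # sub-attributes inside the VSA
            v_type, v_len = value[j], value[j + 1]
            if v_len < 2 or j + v_len > len(value):
                raise ValueError("bad vendor sub-attribute length")
            if v_type == CISCO_AVPAIR:
                found.append(value[j + 2:j + v_len].decode("ascii"))
            j += v_len
    return found

def inbound_acl(attrs):
    """Return the value of ipsec:inacl=..., or None if the block has none."""
    for pair in cisco_avpairs(attrs):
        key, _, val = pair.partition("=")
        if key == "ipsec:inacl":
            return val
    return None

# Constructed sample: Framed-IP-Address (type 8), then the avpair.
SAMPLE = bytes([8, 6, 10, 10, 10, 5]) + encode_cisco_avpair("ipsec:inacl=VPN-SALES-IN")
```

Feed `cisco_avpairs` the attribute bytes that follow the 20-byte RADIUS header of an Access-Accept; a missing or misspelled avpair shows up as `inbound_acl` returning `None`.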
