
How to configure Easy VPN Server + downloadable ACL


Hi all

I'm wanting to know how to configure Easy VPN Server with downloadable ACLs on a Cisco 2811 router.

Indeed, I would like to set up a remote access VPN that uses RADIUS for authentication of VPN clients. The RADIUS server is connected to an Active Directory server that contains the login / password. Based on the user who connects to the VPN, I would like the ACL that defines the services or servers this user can access to be applied automatically on the router, defining the rights of the users.

How can I do this?

Thank you in advance.


Cisco Employee


Yes, you could do this by using any standard RADIUS server. What you need to do is:

1. Configure ezvpn using dynamic VTI, so that a virtual access interface is created when the user connects.

2. Enable network authorization using RADIUS for ezvpn; this would allow the per-user attributes to be applied to the virtual access interface for the user.

3. Configure the RADIUS server for the user profile using cisco avpair (RADIUS attribute type 26, vendor id 9, vendor type 1). The avpair to be used is ipsec:inacl=xxx.

For more details, please see:

Hope this helps.
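
The attribute from step 3 of the reply above can be checked on the wire. The following is an added example, not part of the original reply or Cisco's own code: it encodes a cisco-avpair as a RADIUS Vendor-Specific attribute (type 26, vendor id 9, vendor type 1, layout per RFC 2865) and extracts the `ipsec:inacl` value from the attribute section of an Access-Accept, rejecting malformed lengths. The function names, the ACL name `EXAMPLE-ACL` and the sample bytes are constructed for illustration.

```python
import struct

VSA_TYPE = 26        # RADIUS Vendor-Specific attribute (RFC 2865)
CISCO_VENDOR_ID = 9  # vendor id given in the reply
AVPAIR_SUBTYPE = 1   # vendor type 1 = cisco-avpair

def encode_cisco_avpair(avpair: str) -> bytes:
    """Encode one cisco-avpair string as a Vendor-Specific attribute."""
    value = avpair.encode("ascii")
    if len(value) > 247:  # 255 - 6 byte VSA header - 2 byte sub-header
        raise ValueError("avpair too long for a single attribute")
    sub = bytes([AVPAIR_SUBTYPE, len(value) + 2]) + value
    return bytes([VSA_TYPE, len(sub) + 6]) + struct.pack("!I", CISCO_VENDOR_ID) + sub

def iter_attributes(data: bytes):
    """Yield (type, value) for each attribute, rejecting bad lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("attribute length out of range")
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def cisco_avpairs(data: bytes) -> list[str]:
    """Return every cisco-avpair string found in an attribute list."""
    pairs = []
    for atype, value in iter_attributes(data):
        if atype != VSA_TYPE or len(value) < 6:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        vtype, vlen = value[4], value[5]
        # Assumption: one sub-attribute per VSA, so vlen covers the rest.
        if vendor == CISCO_VENDOR_ID and vtype == AVPAIR_SUBTYPE and vlen == len(value) - 4:
            pairs.append(value[6:].decode("ascii", "replace"))
    return pairs

def inacl_for(data: bytes):
    """Return the ACL named by ipsec:inacl=, or None if the reply carries none."""
    for pair in cisco_avpairs(data):
        name, _, acl = pair.partition("=")
        if name == "ipsec:inacl" and acl:
            return acl
    return None

# Constructed sample: Reply-Message (type 18) followed by the avpair.
SAMPLE = bytes([18, 4]) + b"ok" + encode_cisco_avpair("ipsec:inacl=EXAMPLE-ACL")
```

Feed `inacl_for` the attribute bytes that follow the 20-byte RADIUS header of a captured Access-Accept; a `None` result means the server did not return the per-user ACL attribute.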


