Solved: multiple vpdn-groups

sofya.lifshits · ‎03-28-2016

Hello!

I have configuration for l2tp connections, users are authenticated by Radius. It works and everything is OK.

Now I need to send IP address of DNS server to some users. I tried isakmp configuration client, but it doesn't work. Then I tried settings in Virtual-Template and they applied successfully. So I create another Virtual-Template and another vpdn-group. But all users connect to default vpdn-group and I don't know how to change it.

I use Windows 7 as a client. Cisco 7206 (Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)).

!
vpdn-group L2TP_VPN
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
local name MAIN
no l2tp tunnel authentication
!
vpdn-group l2tp_vpn_test
accept-dialin
protocol l2tp
virtual-template 10
terminate-from hostname lac_test
local name lns_test
no l2tp tunnel authentication
!

I tried these Radius attributes:

Mar 28 18:45:17 MSK: RADIUS: Cisco AVpair [1] 28 "vpdn:tunnel-id=lac_test"
Mar 28 18:45:17 MSK: RADIUS: Tunnel-Client-Auth-I[90] 13 "lac_test"
Mar 28 18:45:17 MSK: RADIUS: Tunnel-Server-Auth-I[91] 25 "lns_test"

Can you help me, please?

Philip D'Ath · ‎03-28-2016

I'm not sure of the answer.

What about if you send the DNS server back in the RADIUS response? Perhaps try MS-Primary-DNS-Server and/or MS-Secondary-DNS-Server.

Also check out (search for DNS):

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrdat2.html

View solution in original post

Philip D'Ath · ‎03-28-2016

I'm not sure of the answer.

What about if you send the DNS server back in the RADIUS response? Perhaps try MS-Primary-DNS-Server and/or MS-Secondary-DNS-Server.

Also check out (search for DNS):

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrdat2.html

sofya.lifshits · ‎03-30-2016

Thank you! That works!