VPN, Split-tunneling and RADIUS

jose.couto
Level 1

Hello.

We know about the ipsec:inacl attribute for configuring split-tunneling for a VPN group, but AFAWK you must define the ACL in the local configuration of the router. Is it possible to define the ACL in the RADIUS server instead? How? By the way, is it possible to do the same for the IPsec pools?

Thank you beforehand.

2 Replies

b.hsu
Level 5

This feature introduces the radius-server attribute 11 direction default command, which allows you to change the default direction of filters for your access control lists (ACL) via RADIUS. (RADIUS attribute 11 (Filter-Id) indicates the name of the filter list for the user.) Enabling this command allows you to change the filter direction to inbound (which stops traffic from entering a router, and reduces resource consumption) rather than keeping the outbound default direction, which waits until the traffic is about to leave the network before filtering occurs.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftacldir.htm
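To make concrete what the reply above says about attribute 11, here is an added example (not part of this thread and not Cisco code) that encodes and decodes RADIUS attributes in their Type/Length/Value form, pulls out Filter-Id values, and then models how a NAS applies them: the attribute carries only the name of a filter list, which must already exist on the router, and an optional `.in`/`.out` suffix or the configured default direction decides where it is applied. The suffix convention, the sample Access-Accept payload, the `LOCAL_ACLS` table and all function names are this example's own assumptions, not something the post or IOS documentation on this page states.

```python
from __future__ import annotations
import struct

# RADIUS attribute types (RFC 2865): 11 = Filter-Id, 8 = Framed-IP-Address
FILTER_ID = 11
FRAMED_IP_ADDRESS = 8

def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type (1 byte), Length (1 byte), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("RADIUS attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def decode_attributes(payload: bytes) -> list[tuple[int, bytes]]:
    """Walk a RADIUS attribute list, rejecting lengths that would overrun or loop."""
    attrs = []
    pos = 0
    while pos < len(payload):
        if len(payload) - pos < 2:
            raise ValueError(f"truncated attribute header at offset {pos}")
        attr_type, length = struct.unpack_from("!BB", payload, pos)
        if length < 2 or pos + length > len(payload):
            raise ValueError(f"bad attribute length {length} at offset {pos}")
        attrs.append((attr_type, payload[pos + 2:pos + length]))
        pos += length
    return attrs

def filter_ids(payload: bytes) -> list[str]:
    """Return every Filter-Id value carried in the attribute list."""
    return [v.decode("ascii") for t, v in decode_attributes(payload) if t == FILTER_ID]

def resolve_filter(filter_id: str, local_acls: dict[str, list[str]],
                   default_direction: str = "out"):
    """Model (an assumption of this example) of how a NAS applies Filter-Id:
    the value names an ACL that must already exist on the router; an optional
    .in/.out suffix picks the direction, otherwise the default direction is used.
    Returns (acl_name, direction, entries) or None when no such local ACL exists."""
    name, direction = filter_id, default_direction
    for suffix in (".in", ".out"):
        if filter_id.endswith(suffix):
            name, direction = filter_id[: -len(suffix)], suffix[1:]
    if name not in local_acls:
        return None  # nothing to apply: the ACL body never travels in attribute 11
    return name, direction, local_acls[name]

def build_sample_accept() -> bytes:
    """Constructed attribute list from an Access-Accept (sample data, not a capture)."""
    return (encode_attribute(FILTER_ID, b"vpn-split.in")
            + encode_attribute(FRAMED_IP_ADDRESS, bytes([10, 20, 30, 40])))

# Constructed local ACL table standing in for the router's running config.
LOCAL_ACLS = {"vpn-split": ["permit ip 10.20.0.0 0.0.255.255 any"]}

if __name__ == "__main__":
    payload = build_sample_accept()
    for fid in filter_ids(payload):
        print(fid, "->", resolve_filter(fid, LOCAL_ACLS))
    print(resolve_filter("not-on-router", LOCAL_ACLS))
```

The point the model makes is the one the thread is circling: a Filter-Id that names an ACL absent from the router resolves to nothing, so the filter body itself still has to live in local configuration, whatever direction the `radius-server attribute 11 direction default` command selects.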

Thanks for your answer, but I don't see how to use this for the problem we are trying to solve.

As I understand it, the Filter-Id option specifies an ACL in the router's local config, but this is what we are trying to avoid.

We would like to define per group downloadable ACLs for split-tunneling in the ACS config, in order to push them into a IOS router. Any way to do this?

Thanks.