Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > VPN3K: Client Type Limiting via RADIUS

Reply
Thread Tools

VPN3K: Client Type Limiting via RADIUS

 
 
Eric Sorenson
Guest
Posts: n/a
 
      01-10-2005
The original problem: I want to start rolling out a required client
firewall for Windows VPN users. However, since only the Windows VPN
Client can report the presence of the firewall, Linux and Mac users
get denied when they try to connect.

So I'm making a new group for Unix users with the client firewall
setting "optional". My groups are configured via RADIUS, and I've set
up my FreeRadius dictionary to include the new 4.1 attributes, but
I'm hitting a wall with the cVPN3000-Client-Type-Version-Limiting
attribute.

The rules for setting Client Type limiting via the web GUI say

Construct rules in the format p[ermit]/d[eny] <type> : <version>, for
example, d VPN 3002 : 3.6* .

Use a separate line for each rule.

But I can't seem to specify more than one rule via RADIUS. Returning
multiple cVPN3000-Client-Type-Version-Limiting attributes doesn't
work (everything after the first one gets ignored), you can't have
continued lines in the radius 'users' file (say, with "\<cr>" like
in shell), and anything like "\n" or "\0x13" gets ignored, etc.

My workaround at the moment is to make two groups, each with its own
cVPN3000-Client-Type-Version-Limiting attribute, but this is more
than a little bit silly. Anybody know the right magic to make this work?
--

- Eric Sorenson - Explosive Networking - http://eric.explosive.net -
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
6500: User-Based Rate Limiting AND Total Rate Limiting Patrick Cervicek Cisco 0 08-07-2007 03:07 PM
Limiting Radius sessions by user =?Utf-8?B?RGlkaW5l?= MCSE 6 09-06-2006 03:27 PM
Limiting user max throughput via router? trs80 Cisco 4 08-25-2006 05:47 AM
Prblm: Radius, WLAN, roaming profiles and software install via group policies Ola Theander Wireless Networking 0 09-08-2004 09:50 PM
Cisco radius attributes with Funk Steel-Belted Radius Server David Cisco 0 11-06-2003 09:54 PM



Advertisments