VPN3K: Client Type Limiting via RADIUS

Discussion in 'Cisco' started by Eric Sorenson, Jan 10, 2005.

  1. The original problem: I want to start rolling out a required client
    firewall for Windows VPN users. However, since only the Windows VPN
    Client can report the presence of the firewall, Linux and Mac users
    get denied when they try to connect.

    So I'm making a new group for Unix users with the client firewall
    setting "optional". My groups are configured via RADIUS, and I've set
    up my FreeRadius dictionary to include the new 4.1 attributes, but
    I'm hitting a wall with the cVPN3000-Client-Type-Version-Limiting
    attribute.

    The rules for setting Client Type limiting via the web GUI say

    Construct rules in the format p[ermit]/d[eny] <type> : <version>, for
    example, d VPN 3002 : 3.6* .

    Use a separate line for each rule.

    But I can't seem to specify more than one rule via RADIUS. Returning
    multiple cVPN3000-Client-Type-Version-Limiting attributes doesn't
    work (everything after the first one gets ignored), you can't have
    continued lines in the radius 'users' file (say, with "\<cr>" like
    in shell), and anything like "\n" or "\0x13" gets ignored, etc.

    My workaround at the moment is to make two groups, each with its own
    cVPN3000-Client-Type-Version-Limiting attribute, but this is more
    than a little bit silly. Anybody know the right magic to make this work?
    --

    - Eric Sorenson - Explosive Networking - http://eric.explosive.net -
     
    Eric Sorenson, Jan 10, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matthew Melbourne

    EzVPN IOS Client with VPN3k - Tunnel Drops

    Matthew Melbourne, Apr 28, 2004, in forum: Cisco
    Replies:
    0
    Views:
    644
    Matthew Melbourne
    Apr 28, 2004
  2. Bill Thompson

    VPN3k & Checkpoint FW "cluster"

    Bill Thompson, Jul 11, 2004, in forum: Cisco
    Replies:
    0
    Views:
    523
    Bill Thompson
    Jul 11, 2004
  3. robbanwh
    Replies:
    1
    Views:
    402
  4. ahpook

    VPN3K IMAPS proxy

    ahpook, Jun 16, 2006, in forum: Cisco
    Replies:
    0
    Views:
    595
    ahpook
    Jun 16, 2006
  5. Patrick Cervicek
    Replies:
    0
    Views:
    824
    Patrick Cervicek
    Aug 7, 2007
Loading...

Share This Page