[c-nsp] VPDN & RADIUS Problems/configurations

M.Palis security at cytanet.com.cy
Thu Nov 25 04:06:33 EST 2004


Thank you all for your suggestions.
I do face another problem now concerning VPDNs. We have a couple of
access servers (AS5300 and AS5350). We want to enable VPDN on them but not
configure any tunnel parameters on them. Tunnel parameters will be sent to the
ASs via RADIUS.

I configure my radius server with the following tunnel parameters.

vpn     Password="cisco", Service-Type = Outbound-User
        Tunnel-Type = :1:L2TP,
        Tunnel-Medium-Type = :1:IP,
        Tunnel-Server-Endpoint = :1:1192.168.1.1,
        Tunnel-Assignment-ID = :1:vpntest,
        Tunnel-Password = :1:test

What happens now is that in order for the tunnel to be established, the LNS
requires that we change the host name of the LAC to vpntest, because it seems
that the LAC does not send the tunnel ID as the one it receives via RADIUS
(vpntest). If we change the LAC host name to vpntest, the tunnel is
established.

Here are the configs concerning VPN configuration

LAC (AS5300)
aaa new-model
aaa authentication login default local group radius enable
aaa authentication login admin local line
aaa authentication ppp default  group radius
aaa authorization exec default group radius if-authenticated
aaa authorization network default local group radius
aaa authorization reverse-access default local
aaa accounting update newinfo
aaa accounting network default start-stop group radius
!

!
vpdn enable
vpdn search-order domain


LNS

aaa new-model
aaa authentication login default local group radius enable
aaa authentication login admin local line
aaa authentication ppp default local group radius
aaa authorization exec default local group radius if-authenticated
aaa authorization network default local group radius
aaa authorization reverse-access default local
aaa accounting update newinfo
aaa accounting network default start-stop group radius

!


!

vpdn enable
vpdn search-order domain
!
!
vpdn-group 2
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname vpntest
 local name vpntest
 source-ip 192.168.10.1
!


interface Virtual-Template1
 ip unnumbered Loopback1
 no logging event link-status
 peer default ip address pool vpdn_pool
 ppp authentication pap chap
!

Any help will be appreciated
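As an added sanity check (not part of the original post or of any Cisco or RADIUS tooling), this Python snippet parses a tagged RADIUS tunnel profile in the users-file style shown above and flags the mistakes that commonly keep an L2TP tunnel from coming up; the sample profile is constructed from the one in the post, including its endpoint value.

```python
import ipaddress
import re

# Constructed sample in FreeRADIUS "users"-file style, reproducing the
# tagged L2TP profile from the post (endpoint value copied as posted).
SAMPLE_PROFILE = """\
vpn     Password="cisco", Service-Type = Outbound-User
        Tunnel-Type = :1:L2TP,
        Tunnel-Medium-Type = :1:IP,
        Tunnel-Server-Endpoint = :1:1192.168.1.1,
        Tunnel-Assignment-ID = :1:vpntest,
        Tunnel-Password = :1:test
"""

# Matches "Tunnel-Foo = :<tag>:<value>", with or without a trailing comma.
TUNNEL_ATTR_RE = re.compile(r"(Tunnel-[A-Za-z-]+)\s*=\s*:(\d+):([^,\s]+)")
REQUIRED = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Server-Endpoint")


def parse_tunnel_attrs(profile):
    """Return {attribute: (tag, value)} for each tagged Tunnel-* attribute."""
    return {m.group(1): (int(m.group(2)), m.group(3))
            for m in TUNNEL_ATTR_RE.finditer(profile)}


def lint_tunnel_profile(profile):
    """Return a list of problems that would stop an L2TP tunnel coming up."""
    attrs = parse_tunnel_attrs(profile)
    problems = [f"missing {name}" for name in REQUIRED if name not in attrs]
    tags = {tag for tag, _ in attrs.values()}
    if len(tags) > 1:
        # Every attribute describing one tunnel must carry the same tag.
        problems.append(f"mixed tunnel tags {sorted(tags)}")
    if "Tunnel-Type" in attrs and attrs["Tunnel-Type"][1] != "L2TP":
        problems.append("Tunnel-Type is not L2TP")
    if "Tunnel-Medium-Type" in attrs and attrs["Tunnel-Medium-Type"][1] != "IP":
        problems.append("Tunnel-Medium-Type is not IP")
    if "Tunnel-Server-Endpoint" in attrs:
        endpoint = attrs["Tunnel-Server-Endpoint"][1]
        try:
            ipaddress.ip_address(endpoint)  # rejects malformed addresses
        except ValueError:
            problems.append(
                f"Tunnel-Server-Endpoint {endpoint!r} is not a valid IP address")
    return problems


if __name__ == "__main__":
    for problem in lint_tunnel_profile(SAMPLE_PROFILE):
        print("PROBLEM:", problem)
```

Run against the posted profile it reports the malformed endpoint address; a profile that passes the lint can still fail at the LNS if the name the LAC presents does not match the `terminate-from hostname` configured there.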


