[c-nsp] vpn3000 split tunneling
Dale W. Carder
dwcarder at doit.wisc.edu
Mon Aug 15 17:31:03 EDT 2005
We have a vpn-3000 concentrator and would like to force
split-tunneling for any user connecting from off-site, and
tunnel everything for a user connecting from on-site. The
motivation for this is not to pay for extra transit.
Is anyone doing this, and how? One example I have heard
is to use radius to force what group the user is in?
I would definately appreciate config tidbits, as it's past
my knowledge of the vpn3k or radius. TAC says that this can
only be done with Cisco ACS, which I don't exactly believe.
We're a freeradius shop.
Dale
----------------------------------
Dale W. Carder - Network Engineer
University of Wisconsin at Madison
http://net.doit.wisc.edu/~dwcarder
More information about the cisco-nsp
mailing list