[c-nsp] Cisco VPN Client - accounting log

Piestaga piestaga at aster.pl
Wed Feb 8 10:08:09 EST 2006


can anybody take a look at the case I trying to cope with.

My radius (Funk Software) clears the existing sessions under several
One of them says that if another session comes to radius with the same
NAS-PORT, it is the sign for radius that the previous session is not
active anymore and radius can clear the fantom record of that session.

My problem is that couple of months ago, for established Cisco VPN
IPSec session, the NAS was sending to radius the NAS-PORT attribute.
Now it is not (in fact NAS sends 'zero' as a NAS-PORT).
It causes that every authenticated second IPSec session clears the
previous one what causes that I am not able to verify the number of
session from single User. (I need to limit the total number of
sessions to one from single user at a time)

I tried to force the NAS to send NAS-PORT using:
radius-server attribute nas-port format /a-e/
but it doesn't help in fact.
Still the parameter is 'zero'

Did you have notice is it a bug that will be repaired in next release
or is it going to stay working (not-working) that way ?

It is strange that NAS stops sending the NAS-PORT for Cisco CPN Client
sessions just like that.

Thanks for any help

Best regards,
 Piestaga                          mailto:piestaga at aster.pl

More information about the cisco-nsp mailing list