[c-nsp] Cisco VPN Client - accounting log
Piestaga
piestaga at aster.pl
Thu Feb 9 06:00:12 EST 2006
Hello Oliver,
Thursday, February 9, 2006, 8:55:23 AM, you wrote:
> Piestaga <> wrote on Wednesday, February 08, 2006 4:08 PM:
>> Hi,
>>
>> My problem is that couple of months ago, for established Cisco VPN
>> IPSec session, the NAS was sending to radius the NAS-PORT attribute.
>> Now it is not (in fact NAS sends 'zero' as a NAS-PORT).
>> It causes that every authenticated second IPSec session clears the
>> previous one what causes that I am not able to verify the number of
>> session from single User. (I need to limit the total number of
>> sessions to one from single user at a time)
>>
>> I tried to force the NAS to send NAS-PORT using:
>> radius-server attribute nas-port format /a-e/
>> but it doesn't help in fact.
>> Still the parameter is 'zero'
>>
>> Did you have notice is it a bug that will be repaired in next release
>> or is it going to stay working (not-working) that way ?
>>
>> It is strange that NAS stops sending the NAS-PORT for Cisco CPN Client
>> sessions just like that.
> Which image are you using? We should be sending a NAS-Port in 12.3(11)T
> and later..
> oli
Hi,
I am using 12.3(14)T6 right now.
The begining of "debug crypto isakmp aaa" output says:
ISAKMP AAA: CLI handle received from aaaaaacli_hdl = 0x80000005 and returned peer = 0x506F13A8
--> ISAKMP:(0:0:N/A:0):AAA: Nas Port ID is unavailable.
ISAKMP AAA: Allocated session id 3 and replaced it for uid 5
ISAKMP/aaa: unique id = 5
Line: "Nas Port ID is unavailable"
explains why the NAS Port ID is empty, but there is no info why NAS-Port is not being sent.
And why in fact both are attribs. are unavailable.
Sebastian
More information about the cisco-nsp
mailing list