http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/gu ide/sec_easy_vpn_srvr_ps6441_TSD_Products_Configuration_Guide_Chapter.html#w p1519508
it is in the configuration examples for the easyvpn server documentation for ios 12.4T the document only details the cisco av-pair attributes supported by group authorization but the rest is simple: You must create a user in acs with the vpn group name and the password MUST BE "cisco" For the cisco av-pair attributes, specify those supported by ezvpn group authorization listed in the cisco document You must then specify a radius server for authorization and not use local authorization: Aaa authorization network vpn group radius Crypto map mymap isakmp authorization list vpn Should work for you. Hope this helps From: [email protected] [mailto:[email protected]] On Behalf Of Paul Stewart Sent: Sunday, August 09, 2009 8:58 AM To: [email protected] Subject: [OSL | CCIE_Security] EzVPN Groups in ACS Has anyone stumbled on a DocCD document that explains how to distribute EzVPN groups to the ASA or IOS rtr from an ACS server?
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
