Eugene,

Agreed. In the end, that is what I am looking for. If anyone finds a document that lists these different values then please let us know.

Thanks,

*Matt Manire*
*CCSP, CCNP, CCDP, MCSE* *2003 & MCSE 2000*
*Information Systems Security Manager*
[email protected]
*t*: 817.525.1863 *f*: 817.525.1903 *m*: 817.271.9165
*First Rate* | 1903 Ascension Boulevard | Arlington, TX 76006 | www.FirstRate.com <http://www.firstrate.com/>

*From:* Eugene Pefti [mailto:[email protected]]
*Sent:* Thursday, May 03, 2012 1:55 AM
*To:* Matt Manire; Fawad Khan; Mike Rojas
*Cc:* [email protected]
*Subject:* RE: [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Just realized that even though this was very handy information, always available at hand, the original question was about values to be entered into the Cisco-av-pair box. I wish we had a structured document that elaborates on different scenarios requiring different values. E.g.

    ip:inacl#1=permit ip any any /// for pushing an ACL to the user
    auth-proxy:priv-lvl=15 /// assigning user privilege for IOS Auth proxy
    auth-proxy:proxyacl#1=permit tcp any any /// push an ACL to the user connecting via Auth Proxy
    shell:cli-view-name=VIEW_NAME /// assign a view to a user
    ipsec:tunnel-type=ESP /// tunnel type assignment

and so on ...

Eugene

*From:* Matt Manire [mailto:[email protected]]
*Sent:* 02 May 2012 21:54
*To:* Fawad Khan; Mike Rojas
*Cc:* Eugene Pefti; [email protected]
*Subject:* RE: [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Fawad,

That’s cool. I did not know that was there. Thank you for teaching me something new. This definitely helps.

*Matt Manire*

*From:* Fawad Khan [mailto:[email protected]]
*Sent:* Wednesday, May 02, 2012 8:31 PM
*To:* Mike Rojas
*Cc:* [email protected]; [email protected]; [email protected]
*Subject:* Re: [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Is this what you guys are looking for?

    R4#show aaa attributes protocol radius
    AAA ATTRIBUTE LIST:
    Type=1 Name=disc-cause-ext Format=Enum
      Protocol:RADIUS
      Unknown Type=195 Name=Ascend-Disconnect-Cau Format=Enum
      Cisco VSA Type=1 Name=Cisco AVpair Format=String
    Type=2 Name=Acct-Status-Type Format=Enum
      Protocol:RADIUS
      Unknown Type=40 Name=Acct-Status-Type Format=Enum
    Type=3 Name=Tunnel-Packets-Lost Format=Ulong
      Protocol:RADIUS
      Unknown Type=86 Name=Tunnel-Packets-Lost Format=Ulong
    Type=4 Name=acl Format=String
      Protocol:RADIUS
      Unknown Type=11 Name=Filter-Id Format=Binary
    Type=5 Name=auth-services Format=Enum
      Protocol:RADIUS
      Cisco VSA Type=1 Name=Cisco AVpair Format=String
    Type=6 Name=azn-tag Format=String
    Type=7 Name=addr Format=IPv4 Address
      Protocol:RADIUS
      Unknown Type=8 Name=Framed-IP-Address Format=IPv4 Addre
    Type=8 Name=addrv6 Format=String
      Protocol:RADIUS
      Cisco VSA Type=1 Name=Cisco AVpair Format=String
    Type=9 Name=addr-pool Format=String
      Protocol:RADIUS
      Unknown Type=100 Name=Framed-IPv6-Pool Format=String
      Unknown Type=218 Name=Ascend-IP-Pool Format=Ulong
    Type=10 Name=asyncmap Format=Ulong
      Protocol:RADIUS
      Unknown Type=212 Name=Ascend-Asyncmap Format=Ulong
    Type=11 Name=Authentic Format=Enum
      Protocol:RADIUS
      Unknown Type=45 Name=Acct-Authentic Format=Enum
    Type=12 Name=autocmd Format=String
    Type=13 Name=autocmd_ipprompt Format=String
    Type=14 Name=callback-dialstring Format=String
      Protocol:RADIUS
      Unknown Type=19 Name=Callback-Number Format=String
      Unknown Type=227 Name=Ascend-Dial-Number Format=String
    Type=15 Name=callback-line Format=Ulong
    Type=16 Name=nocallback-verify Format=Ulong
    Type=17 Name=callback-rotary Format=Ulong
    Type=18 Name=call-drops Format=Ulong
    Type=19 Name=call_type Format=String
      Protocol:RADIUS
      Cisco VSA Type=19 Name=call_type Format=String
    Type=20 Name=call-origin-endpt Format=String
      Protocol:RADIUS
      Cisco VSA Type=1 Name=Cisco AVpair Format=String
    Type=21 Name=call-origin-endpt-type Format=Enum
      Protocol:RADIUS
      Cisco VSA Type=1 Name=Cisco AVpair Format=String
    --More--

FNK

On Wed, May 2, 2012 at 6:39 PM, Mike Rojas <[email protected]> wrote:

Eugene and all of the ones that have doubts about it:

This is the non partner document (which is the same I posted before to Matt)

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

If you follow the path on the left, you will get there from the Support page without having to be logged in. If you want to check if a document is reachable, look it up on Google, or follow the same path on the left without being logged in and check if you can get there.

Mike

------------------------------

From: [email protected]
To: [email protected]
Date: Wed, 2 May 2012 20:21:14 +0000
CC: [email protected]
Subject: Re: [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Interesting,

It never occurred to me that I access that page as a partner as my browser cached my Cisco CCO credentials. It raises a legitimate question: how can CCIE candidates get access to Cisco documentation without a partner status?

Eugene

*From:* Matt Manire [mailto:[email protected]]
*Sent:* 02 May 2012 12:55
*To:* Eugene Pefti
*Subject:* RE: [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Thanks Eugene but unfortunately I am not a partner so I can’t access the site.

*Matt Manire*

*From:* Eugene Pefti [mailto:[email protected]]
*Sent:* Wednesday, May 02, 2012 2:53 PM
*To:* Matt Manire; [email protected]
*Subject:* RE: [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Take a look at this document, Matt.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

I have never found any place in Cisco documentation where they would provide a full list of Cisco VSA for IPSec.

Eugene

*From:* [email protected] [mailto:[email protected]] *On Behalf Of* Matt Manire
*Sent:* 02 May 2012 08:56
*To:* [email protected]
*Subject:* [OSL | CCIE_Security] Lab 4A - Configure Cisco VPN Solutions

Guys,

I am trying to work through the practice VPN lab “4.8 Easy VPN with External Group Authorization and XAUTH.” In regards to performing external authentication, where can I find a list/documentation for the RADIUS attributes to add to the [009\001] cisco-av-pair box under Group authentication?

For example, as part of this solution I am supposed to input the following values in the [009\001] cisco-av-pair box under Group authentication:

    Ipsec:tunnel-type=ESP
    Ipsec:key-exchange=ike
    Ipsec:inacl=170
    Ipsec:save-password=1
    Ipsec:addr-pool=EZPOOL2

Where can a list of these attributes be found for reference?

    ipsec:tunnel-type=
    Ipsec:key-exchange=
    Ipsec:inacl=
    Ipsec:save-password=
    Ipsec:addr-pool=

Thanks,

*Matt Manire*
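The `protocol:attribute=value` strings quoted in this thread can be checked before they are entered into a RADIUS group profile. The following is an added example, not part of the original thread or of any Cisco tool: it parses the values quoted above and flags the ones a reviewer would want justified. The function names and the three review rules are assumptions made for illustration.

```python
import re

# Cisco AV-pair syntax: protocol:attribute[#index]<sep>value.
# "=" marks a mandatory attribute, "*" an optional one.
AVPAIR = re.compile(
    r"^(?P<proto>[A-Za-z0-9-]+):(?P<attr>[A-Za-z0-9_-]+)(?:#(?P<idx>\d+))?"
    r"(?P<sep>[=*])(?P<value>.+)$"
)

def parse_avpair(line):
    """Return the pair's fields as a dict, or None if the line is malformed."""
    m = AVPAIR.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["proto"], d["attr"] = d["proto"].lower(), d["attr"].lower()
    d["idx"] = int(d["idx"]) if d["idx"] else None
    d["mandatory"] = d.pop("sep") == "="
    return d

def review(line):
    """Return review findings for one cisco-av-pair line (rules are assumptions)."""
    p = parse_avpair(line)
    if p is None:
        return ["malformed: expected protocol:attribute=value"]
    attr, value = p["attr"], p["value"].strip().lower()
    findings = []
    if attr == "priv-lvl" and value == "15":
        findings.append("grants privilege level 15")
    if attr in ("inacl", "proxyacl") and re.fullmatch(
            r"permit (ip|tcp|udp) any any", value):
        findings.append("pushes an ACL entry permitting any source to any destination")
    if attr == "save-password" and value == "1":
        findings.append("lets the client store its XAUTH password")
    return findings

def audit(lines):
    """Map each line that has findings to its list of findings."""
    return {l: f for l in lines if (f := review(l))}

# Values quoted in the thread, plus one constructed malformed line (the last).
PROFILE = [
    "Ipsec:tunnel-type=ESP", "Ipsec:key-exchange=ike", "Ipsec:inacl=170",
    "Ipsec:save-password=1", "Ipsec:addr-pool=EZPOOL2",
    "ip:inacl#1=permit ip any any", "auth-proxy:priv-lvl=15",
    "auth-proxy:proxyacl#1=permit tcp any any", "shell:cli-view-name=VIEW_NAME",
    "ipsec tunnel-type ESP",
]

if __name__ == "__main__":
    for line, findings in audit(PROFILE).items():
        print(f"{line!r}: {'; '.join(findings)}")
```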
