Auth-proxy examples: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_auth/configuration/12-4/sec-cfg-authen-prxy.html#GUID-06899095-B258-4A9C-85F1-5832D29E754C
A question/comment on the ASA EZVPN and SSL VPN related guide. There's table D4 in the guide "Table D-4 Examples of Cisco AV Pairs and their Permitting or Denying Action"
And it shows the ACL like this:

ip:inacl#1=deny ip 10.155.10.0 0.0.0.255 10.159.2.0 0.0.0.255 log

Will ASA understand the wildcard notation?

Eugene

From: Alexei Monastyrnyi <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Sunday, July 22, 2012 4:24 AM
To: Eugene Pefti <[email protected]>
Cc: Marta Sokolowska <[email protected]>, GuardGrid <[email protected]>, ccie_security <[email protected]>
Subject: Re: [OSL | CCIE_Security] Radius VSA

Hi guys,

here are some links covering RADIUS attributes. For the purpose of quick navigation during the lab, I reckon it is better to refer to some documents where those attributes are within a context, not just a bare list.

IOS EZ VPN related
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_esyvpn/configuration/12-4t/sec-easy-vpn-srvr.html#GUID-D0BC5B4D-7BDB-44B6-B49F-EBBD79F1D185

IOS SSL VPN related
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/12-4t/sec-conn-sslvpn-ssl-vpn.html#GUID-F005501D-8992-48A9-8D4A-7650D7554A3F

ASA EZ VPN and SSL VPN related
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wp1661512

ACS RADIUS attributes reference list
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RADAtr.html

ACS TACACS attributes list
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_TACAtr.html

CAR RADIUS attributes list
http://www.cisco.com/en/US/docs/net_mgmt/access_registrar/5.1/user/guide/a_attrib.html

HTH
A.
On 7/22/2012 12:10 PM, Eugene Pefti wrote:

Good point, Marta,

I wish there’s a consolidated documentation showing how to properly form those attributes with the required service for different scenarios – auth-proxy, shell access, VPN and so on.
I.e. we do auth-proxy via RADIUS and it’s not enough to know the attribute name - Name=proxyacl. The syntax is “auth-proxy:proxyacl#1=permit ip any any”
And so on for other situations and scenarios.

Eugene

From: [email protected] On Behalf Of Marta Sokolowska
Sent: Saturday, July 21, 2012 4:35 PM
To: GuardGrid
Cc: ccie_security
Subject: Re: [OSL | CCIE_Security] Radius VSA

Type the following command on the router's CLI:

show aaa attributes

--
Marta Sokolowska.

2012/7/22 GuardGrid <[email protected]>

Guys,

Where in the documentation do we get the complete listing of all attributes like below for RADIUS and TACACS for that matter,

ipsec:tunnel-type=ESP
ipsec:key-exchange=IKE
ipsec:tunnel-password=ipexpert
ipsec:inacl=SPLIT
ipsec:save-password=1

I found some in examples for configuring EZVPN but not a separate section of just these VSA not IETF's.

Let me know.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
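As an added example (not part of the thread, and not Cisco code), this sketch parses the service:attribute#sequence=value strings quoted above and classifies each address/mask pair inside an ACL value as wildcard or netmask notation, which is the check to run on an AV pair before a RADIUS server hands it to a device. The function names are illustrative, and the code reports only what notation a string uses, not which notation a given platform accepts.

```python
import ipaddress
import re

# Constructed sample input: AV-pair strings quoted in the thread above.
SAMPLE_AV_PAIRS = [
    "ipsec:tunnel-type=ESP",
    "ipsec:inacl=SPLIT",
    "auth-proxy:proxyacl#1=permit ip any any",
    "ip:inacl#1=deny ip 10.155.10.0 0.0.0.255 10.159.2.0 0.0.0.255 log",
]

# service:attribute[#sequence]<sep>value; sep "=" marks a mandatory
# attribute, "*" an optional one.
AV_PAIR_RE = re.compile(
    r"^(?P<service>[\w-]+):(?P<attr>[\w-]+)(?:#(?P<seq>\d+))?(?P<sep>[=*])(?P<value>.*)$")
PAIR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_av_pair(raw):
    m = AV_PAIR_RE.match(raw.strip())
    if m is None:
        raise ValueError(f"not a service:attribute=value pair: {raw!r}")
    return {"service": m["service"], "attribute": m["attr"],
            "seq": int(m["seq"]) if m["seq"] else None,
            "mandatory": m["sep"] == "=", "value": m["value"]}

def mask_notation(mask):
    # Classify a dotted-quad mask by bit pattern; return (kind, prefix length).
    m = int(ipaddress.IPv4Address(mask))
    if m in (0, 0xFFFFFFFF):
        return "ambiguous", None        # valid in both notations, opposite meaning
    if (m & (m + 1)) == 0:              # 0...01...1, e.g. 0.0.0.255
        return "wildcard", 32 - bin(m).count("1")
    inv = m ^ 0xFFFFFFFF
    if (inv & (inv + 1)) == 0:          # 1...10...0, e.g. 255.255.255.0
        return "netmask", bin(m).count("1")
    return "noncontiguous", None

def acl_networks(acl_value):
    # One (address, mask, notation, CIDR or None) tuple per address/mask pair.
    out = []
    for addr, mask in PAIR_RE.findall(acl_value):
        kind, prefix = mask_notation(mask)
        cidr = None if prefix is None else str(
            ipaddress.IPv4Network((addr, prefix), strict=False))
        out.append((addr, mask, kind, cidr))
    return out

if __name__ == "__main__":
    for raw in SAMPLE_AV_PAIRS:
        pair = parse_av_pair(raw)
        print(pair, acl_networks(pair["value"]))
```

A mask of 0.0.0.0 or 255.255.255.255 is reported as ambiguous because it means "host" in one notation and "any" in the other, so those entries need a manual look.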
