wow, I don't even see "ipsec:inacl" listed as a RADIUS attribute in the ACS User Guide. That's pretty good. "inacl" is listed in the TACACS+ attribute section though. Is there a place other than the User Guide that you reference for all of the attributes?
Thanks,
Jason

On Fri, Sep 7, 2012 at 1:41 AM, Jason Madsen <[email protected]> wrote:

> thanks!
>
> On Fri, Sep 7, 2012 at 1:39 AM, Karthik sagar <[email protected]> wrote:
>
>> Use this attribute in ACS profile -
>>
>> ipsec:inacl=*SPLIT_TUNNEL_ACL_NAME*
>>
>> The actual ACL should be defined on the router itself. Only the ACL name
>> is referenced in ACS profile.
>>
>> Glad I could help :-)
>>
>> Karthik
>>
>> On Fri, Sep 7, 2012 at 1:02 PM, Jason Madsen <[email protected]> wrote:
>>
>>> ahh, thank you. this is very helpful.
>>>
>>> one last question...do you know where and how I could apply a Split
>>> Tunnel ACL to this type of scenario from within ACS? I'm pretty
>>> comfortable with configuring just about all VPNs inside and out, but I'm
>>> actually pretty new to ACS. It doesn't seem too bad, but I know I have a
>>> lot of things to learn in it yet.
>>>
>>> Thanks,
>>> Jason
>>>
>>> On Fri, Sep 7, 2012 at 1:29 AM, Karthik sagar <[email protected]> wrote:
>>>
>>>> Jason,
>>>>
>>>> The user-vpn-group attribute implements a feature called group-lock.
>>>> Let's say you have two ezvpn groups - vpngroup1 and vpngroup2.
>>>> Now, for xauth-user you have defined the attribute
>>>> "user-vpn-group=vpngroup1".
>>>>
>>>> This config limits xauth-user to login to the vpngroup1 only. If
>>>> xauth-user tries to login to vpngroup2, group authorization fails.
>>>>
>>>> Regards,
>>>> Karthik
