Hi Charly -
Thanks for your mail.
The Radiator 3.7.1 standard dictionary already has most of the definitions you list below.
I will add the additional ones that you have sent, but they will have the existing "Altiga" prefix.
I'll send you a copy of the modified dictionary in a seperate mail.
regards
Hugh
On 31/10/2003, at 4:03 AM, Karl Gaissmaier wrote:
Hi Hugh or Mike,
after searching for a proper VSA file for the new Version of the Cisco VPN Concentrator software without luck, I assembled a radiator compliant VSA dictionary from the different sources on the web.
Hugh or Mike, perhaps you can put it into the goodies folder in the next release/patch.
P.S. I know that the standard dictionary contains VSA's for the vendor code 3076 (formerly Altiga), but this is not enough for the new Software Versions on the Cisco VPN Concentrators.
Best regards
Charly
-- Karl Gaissmaier KIZ/Infrastructure, University of Ulm, Germany
Email:[EMAIL PROTECTED] Service Group Network
Tel.: ++49 731 50-22499
# --------------------------------------------------
# Start OF Cisco VPN 3k Vendor-specific information
# --------------------------------------------------
#
# Accumulated by [EMAIL PROTECTED], 29/10/2003
# Please send me patches and corrections.
#
# Sources:
# Cisco VPN 3000 Concentrator Vendor Specific Attributes 2.0 - 3.6
# on http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/ products_tech_note09186a0080094e96.shtml
#
# and:
# cisco3k.dct, Funk Radius Dictionary File for VPN 3000 in the downlaod area
# of the Cisco VPN 3000 Concentrator
#
# and:
# http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/ csacs4nt/acs31/acsuser/ad.htm#984410
#
#
# The suffixes at the end of each attribute indicate if the attribute is a
# Group only attribute (-G) or is a Group and/or User attribute (-G/U).
#
# VSA Code 3076, Cisco VPN 3000 Concentrator, formerly Altiga
#
VENDORATTR 3076 CVPN-3K-Access-Hours-G/U 1 string
VENDORATTR 3076 CVPN-3K-Simultaneous-Logins-G/U 2 integer
VENDORATTR 3076 CVPN-3K-Primary-DNS-G 5 ipaddr
VENDORATTR 3076 CVPN-3K-Secondary-DNS-G 6 ipaddr
VENDORATTR 3076 CVPN-3K-Primary-WINS-G 7 ipaddr
VENDORATTR 3076 CVPN-3K-Secondary-WINS-G 8 ipaddr
VENDORATTR 3076 CVPN-3K-SEP-Card-Assignment-G/U 9 integer
VENDORATTR 3076 CVPN-3K-Tunneling-Protocols-G/U 11 integer
VENDORATTR 3076 CVPN-3K-IPSec-Sec-Association-G/U 12 string
VENDORATTR 3076 CVPN-3K-IPSec-Authentication-G 13 integer
VENDORATTR 3076 CVPN-3K-Arg-ModeCfg-IPSec-Banner 15 string
VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Allow-Passwd-Store-G 16 integer
VENDORATTR 3076 CVPN-3K-Use-Client-Address-G/U 17 integer
VENDORATTR 3076 CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U 18 integer
VENDORATTR 3076 CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U 19 integer
VENDORATTR 3076 CVPN-3K-PPTP-Encryption-G 20 integer
VENDORATTR 3076 CVPN-3K-L2TP-Encryption-G 21 integer
VENDORATTR 3076 CVPN-3k-Arg-Authentication-Server-Type 22 integer
VENDORATTR 3076 CVPN-3k-Arg-Authentication-Server-Password 23 string
VENDORATTR 3076 CVPN-3k-Arg-Request-Authenticator-Vector 24 string
VENDORATTR 3076 CVPN-3k-IPSec-LTL-Keepalives 25 integer
VENDORATTR 3076 CVPN-3k-Arg-IPSec-Group-Name 26 integer
VENDORATTR 3076 CVPN-3K-Arg-ModeCfg-IPSec-Split-Tunnel-List 27 string
VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Default-Domain-G 28 string
VENDORATTR 3076 CVPN-3K-IPSec-Secondary-Domain-List-G 29 string
VENDORATTR 3076 CVPN-3K-IPSec-Tunnel-Type-G 30 integer
VENDORATTR 3076 CVPN-3K-IPSec-Mode-Config-G 31 integer
VENDORATTR 3076 CVPN-3k-Arg-Authentication-Server-Priority 32 integer
VENDORATTR 3076 CVPN-3K-IPSec-User-Group-Lock-G 33 integer
VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Over-UDP-G 34 integer
VENDORATTR 3076 CVPN-3K-ModeCfg-IPSec-Over-UDP-Port-Num-G 35 integer
VENDORATTR 3076 CVPN-3K-IPSec-Banner2-G 36 string
VENDORATTR 3076 CVPN-3K-PPTP-MPPC-Compression-G 37 integer
VENDORATTR 3076 CVPN-3K-L2TP-MPPC-Compression-G 38 integer
VENDORATTR 3076 CVPN-3K-IP-Compression-G 39 integer
VENDORATTR 3076 CVPN-3K-IKE-Peer-ID-Check-G 40 integer
VENDORATTR 3076 CVPN-3K-IKE-Keepalives-G 41 integer
VENDORATTR 3076 CVPN-3K-IPSec-Auth-On-Rekey-G 42 integer
VENDORATTR 3076 CVPN-3K-Required-FW-Vendor-Code-G 45 integer
VENDORATTR 3076 CVPN-3K-Required-FW-Product-Code-G 46 integer
VENDORATTR 3076 CVPN-3K-Required-FW-Description-G 47 string
VENDORATTR 3076 CVPN-3K-Require-HW-Client-Auth-G 48 integer
VENDORATTR 3076 CVPN-3K-Require-Individ-User-Auth-G 49 integer
VENDORATTR 3076 CVPN-3K-User-Idle-Timeout-G 50 integer
VENDORATTR 3076 CVPN-3K-Cisco-IP-Phone-Bypass-G 51 integer
VENDORATTR 3076 CVPN-3K-IPSec-Split-Tunnel-Policy-G 55 integer
VENDORATTR 3076 CVPN-3K-Client-FW-Capability-G 56 integer
VENDORATTR 3076 CVPN-3K-Client-FW-Filter-Name-G 57 string
VENDORATTR 3076 CVPN-3K-Client-FW-Optional-G 58 integer
VENDORATTR 3076 CVPN-3K-Backup-IPSec-Servers-G 59 integer
VENDORATTR 3076 CVPN-3K-Backup-IPSec-Server-List-G 60 string
VENDORATTR 3076 CVPN-3k-DHCP-Network-Scope-G 61 ipaddr
VENDORATTR 3076 CVPN-3K-Intercept-DHCP-Config-Msg-G 62 integer
VENDORATTR 3076 CVPN-3K-MS-Client-Subnet-Mask-G 63 ipaddr
VENDORATTR 3076 CVPN-3K-Allow-Network-Ext-Mode-G 64 integer
VENDORATTR 3076 CVPN-3k-IPSec-Authorization-Type-G 65 integer
VENDORATTR 3076 CVPN-3k-IPSec-Authorization-Required-G 66 integer
VENDORATTR 3076 CVPN-3k-IPSec-DN-Field-G 67 string
VENDORATTR 3076 CVPN-3k-IPSec-Confidence-Level-G 68 integer
VENDORATTR 3076 CVPN-3k-LEAP-Bypass-G 75 integer
VENDORATTR 3076 CVPN-3K-Part-Primary-DHCP-G 128 ipaddr
VENDORATTR 3076 CVPN-3K-Part-Secondary-DHCP-G 129 ipaddr
VENDORATTR 3076 CVPN-3K-Part-Premise-Router-G 131 ipaddr
VENDORATTR 3076 CVPN-3K-Part-Max-Sessions-G 132 integer
VENDORATTR 3076 CVPN-3K-Part-Mobile-IP-Key-G 133 integer
VENDORATTR 3076 CVPN-3K-Part-Mobile-IP-Address-G 134 ipaddr
VENDORATTR 3076 CVPN-3K-Strip-Realm-G 135 integer
VENDORATTR 3076 CVPN-3K-Part-Strip-Realm-G 136 integer
VENDORATTR 3076 CVPN-3K-Part-Group-ID-G 137 integer
VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP1 1 VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP2 2 VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP3 4 VALUE CVPN-3K-SEP-Card-Assignment-G/U SEP4 8 VALUE CVPN-3K-SEP-Card-Assignment-G/U Any-SEP 15
VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP 1 VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP 2 VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-L2TP 3 VALUE CVPN-3K-Tunneling-Protocols-G/U IPSec 4 VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-IPSec 5 VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP-and-IPSec 6 VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-L2TP-IPSec 7 VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP/IPSec 8 VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-and-L2TP/IPSec 9 VALUE CVPN-3K-Tunneling-Protocols-G/U L2TP-and-L2TP/IPSec 10 VALUE CVPN-3K-Tunneling-Protocols-G/U PPTP-L2TP-L2TP/IPSec 11
VALUE CVPN-3K-IPSec-Authentication-G None 0 VALUE CVPN-3K-IPSec-Authentication-G RADIUS 1 VALUE CVPN-3K-IPSec-Authentication-G NTDomain 3 VALUE CVPN-3K-IPSec-Authentication-G SDI 4 VALUE CVPN-3K-IPSec-Authentication-G Internal 5 VALUE CVPN-3K-IPSec-Authentication-G RADIUS-with-Expiry 6
VALUE CVPN-3K-ModeCfg-IPSec-Allow-Passwd-Store-G Allow 1 VALUE CVPN-3K-ModeCfg-IPSec-Allow-Passwd-Store-G Disallow 0
VALUE CVPN-3K-Use-Client-Address-G/U Allow 1 VALUE CVPN-3K-Use-Client-Address-G/U Disallow 0
VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U PAP 1 VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U CHAP 2 VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U EAP-MD5 4 VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U EAP-GTC 8 VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U EAP-TLS 16 VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U MSCHAP 32 VALUE CVPN-3k-PPTP-Minimal-Auth-Protocol-G/U MSCHAP2 64
VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U PAP 1 VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U CHAP 2 VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U EAP-MD5 4 VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U EAP-GTC 8 VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U EAP-TLS 16 VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U MSCHAP 32 VALUE CVPN-3k-L2TP-Minimal-Auth-Protocol-G/U MSCHAP2 64
VALUE CVPN-3K-PPTP-Encryption-G 40bit 2 VALUE CVPN-3K-PPTP-Encryption-G 40-Encryption-Req 3 VALUE CVPN-3K-PPTP-Encryption-G 128 4 VALUE CVPN-3K-PPTP-Encryption-G 128-Encryption-Req 5 VALUE CVPN-3K-PPTP-Encryption-G 40-or-128 6 VALUE CVPN-3K-PPTP-Encryption-G 40-or-128-Encry-Req 7 VALUE CVPN-3K-PPTP-Encryption-G 40-Stateless-Req 10 VALUE CVPN-3K-PPTP-Encryption-G 40-Enc/Stateless-Req 11 VALUE CVPN-3K-PPTP-Encryption-G 128-Stateless-Req 12 VALUE CVPN-3K-PPTP-Encryption-G 128-Enc/Stateless-Req 13 VALUE CVPN-3K-PPTP-Encryption-G 40/128-Stateless-Req 14 VALUE CVPN-3K-PPTP-Encryption-G 40/128-Enc/Statls-Req 15
VALUE CVPN-3K-L2TP-Encryption-G 40bit 2 VALUE CVPN-3K-L2TP-Encryption-G 40-Encryption-Req 3 VALUE CVPN-3K-L2TP-Encryption-G 128 4 VALUE CVPN-3K-L2TP-Encryption-G 128-Encryption-Req 5 VALUE CVPN-3K-L2TP-Encryption-G 40-or-128 6 VALUE CVPN-3K-L2TP-Encryption-G 40-or-128-Encry-Req 7 VALUE CVPN-3K-L2TP-Encryption-G 40-Stateless-Req 10 VALUE CVPN-3K-L2TP-Encryption-G 40-Enc/Stateless-Req 11 VALUE CVPN-3K-L2TP-Encryption-G 128-Stateless-Req 12 VALUE CVPN-3K-L2TP-Encryption-G 128-Enc/Stateless-Req 13 VALUE CVPN-3K-L2TP-Encryption-G 40/128-Stateless-Req 14 VALUE CVPN-3K-L2TP-Encryption-G 40/128-Enc/Statls-Req 15
VALUE CVPN-3k-Arg-Authentication-Server-Type First-Active-Server 0 VALUE CVPN-3k-Arg-Authentication-Server-Type RADIUS 1 VALUE CVPN-3k-Arg-Authentication-Server-Type LDAP 2 VALUE CVPN-3k-Arg-Authentication-Server-Type NT 3 VALUE CVPN-3k-Arg-Authentication-Server-Type SDI 4 VALUE CVPN-3k-Arg-Authentication-Server-Type Internal 5
VALUE CVPN-3k-IPSec-LTL-Keepalives ON 1 VALUE CVPN-3k-IPSec-LTL-Keepalives OFF 0
VALUE CVPN-3K-IPSec-Tunnel-Type-G LAN-to-LAN 1 VALUE CVPN-3K-IPSec-Tunnel-Type-G Remote-Access 2
VALUE CVPN-3K-IPSec-Mode-Config-G ON 1 VALUE CVPN-3K-IPSec-Mode-Config-G OFF 0
VALUE CVPN-3K-IPSec-User-Group-Lock-G ON 1 VALUE CVPN-3K-IPSec-User-Group-Lock-G OFF 0
VALUE CVPN-3K-ModeCfg-IPSec-Over-UDP-G ON 1 VALUE CVPN-3K-ModeCfg-IPSec-Over-UDP-G OFF 0
VALUE CVPN-3K-PPTP-MPPC-Compression-G ON 1 VALUE CVPN-3K-PPTP-MPPC-Compression-G OFF 2
VALUE CVPN-3K-L2TP-MPPC-Compression-G ON 1 VALUE CVPN-3K-L2TP-MPPC-Compression-G OFF 2
VALUE CVPN-3K-IP-Compression-G None 0 VALUE CVPN-3K-IP-Compression-G LZS 1
VALUE CVPN-3K-IKE-Peer-ID-Check-G Required 1 VALUE CVPN-3K-IKE-Peer-ID-Check-G If-supported-by-cert 2 VALUE CVPN-3K-IKE-Peer-ID-Check-G Do-not-check 3
VALUE CVPN-3K-IKE-Keepalives-G ON 1 VALUE CVPN-3K-IKE-Keepalives-G OFF 0
VALUE CVPN-3K-IPSec-Auth-On-Rekey-G ON 1 VALUE CVPN-3K-IPSec-Auth-On-Rekey-G OFF 0
VALUE CVPN-3K-Require-HW-Client-Auth-G ON 1 VALUE CVPN-3K-Require-HW-Client-Auth-G OFF 0
VALUE CVPN-3K-Require-Individ-User-Auth-G ON 1 VALUE CVPN-3K-Require-Individ-User-Auth-G OFF 0
VALUE CVPN-3K-Cisco-IP-Phone-Bypass-G Enabled 1 VALUE CVPN-3K-Cisco-IP-Phone-Bypass-G Disabled 2
VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Tunnel-Everything 0
VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Only-tunnel-networks-in-list 1
VALUE CVPN-3K-IPSec-Split-Tunnel-Policy-G Tunnel-Everything-but-Local-Lan 2
VALUE CVPN-3K-Client-FW-Capability-G None 0 VALUE CVPN-3K-Client-FW-Capability-G Policy-Defined-by-remote-FW-AYT 1 VALUE CVPN-3K-Client-FW-Capability-G Policy-Pushed-CPP 2 VALUE CVPN-3K-Client-FW-Capability-G Policy-from-server 4
VALUE CVPN-3K-Client-FW-Optional-G Optional 1 VALUE CVPN-3K-Client-FW-Optional-G Required 0
VALUE CVPN-3K-Backup-IPSec-Servers-G Use-Client-Configured-List 1 VALUE CVPN-3K-Backup-IPSec-Servers-G Disable-and-Clear-Client-List 2 VALUE CVPN-3K-Backup-IPSec-Servers-G Use-Backup-Server-List 3
VALUE CVPN-3K-Intercept-DHCP-Config-Msg-G YES 1 VALUE CVPN-3K-Intercept-DHCP-Config-Msg-G NO 0
VALUE CVPN-3K-Allow-Network-Ext-Mode-G YES 1 VALUE CVPN-3K-Allow-Network-Ext-Mode-G NO 0
VALUE CVPN-3k-IPSec-Authorization-Type-G None 0 VALUE CVPN-3k-IPSec-Authorization-Type-G RADIUS 1 VALUE CVPN-3k-IPSec-Authorization-Type-G LDAP 2
VALUE CVPN-3k-IPSec-Authorization-Required-G YES 1 VALUE CVPN-3k-IPSec-Authorization-Required-G NO 0
VALUE CVPN-3k-LEAP-Bypass-G YES 1 VALUE CVPN-3k-LEAP-Bypass-G NO 0
VALUE CVPN-3K-Strip-Realm-G ON 1 VALUE CVPN-3K-Strip-Realm-G OFF 0
VALUE CVPN-3K-Part-Strip-Realm-G ON 1 VALUE CVPN-3K-Part-Strip-Realm-G OFF 0
# ------------------------------------------------ # END OF Cisco VPN 3k Vendor-specific information # ------------------------------------------------
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
