Yes, a Cisco IOS router configured to terminate IPSec IKEv1 client vpn will send such an authorization request after the user auth to check if the user is allowed to connect using this group.
On 2013-11-07 06:04, Hugh Irvine wrote: > Hello Michael - > > This is configured on the Cisco box - you will need to ask your network > people to turn it off. > > regards > > Hugh > > > On 7 Nov 2013, at 10:05, Michael <ri...@vianet.ca> wrote: > >> i'm looking to stop it. not set it up. i'm not sure what had >> enabled/configured it to start happening. I guess this is probably the >> wrong place to ask. >> >> On 06/11/13 04:56 PM, Hugh Irvine wrote: >>> Hello Michael - >>> >>> This sounds like Cisco VPDN tunnelling. >>> >>> This example is from the standard “users” file in the Radiator distribution: >>> >>> >>> # This example shows how to configure a Cisco VPDN circuit: >>> open.com.au User-Password=cisco, Service-Type=Outbound-User >>> cisco-avpair = "vpdn:tunnel-id=cca-gw", >>> cisco-avpair = "vpdn:ip-addresses=1.2.3.4", >>> cisco-avpair = "vpdn:nas-password=pw", >>> cisco-avpair = "vpdn:gw-password=pw” >>> >>> >>> regards >>> >>> Hugh >>> >>> >>> On 7 Nov 2013, at 04:56, Michael <ri...@vianet.ca> wrote: >>> >>>> Has anyone ever seen a situation where, for every authentication attempt >>>> to a radiator system from a cisco device, there is an authentication >>>> attempt right before it that appears to be: >>>> >>>> - a domain (the username with the 'username@' part stripped off). >>>> - plain text password is always 'cisco'. >>>> - Service-Type = Outbound-User >>>> >>>> if I remove this line from the cisco lns: >>>> aaa authorization network TEST group TEST >>>> ...the extra auth attempts stop, but then my radius network static >>>> profiles don't work, so it's not a solution but it narrows down the >>>> problem. >>>> >>>> my auth requests for the radiator system are essentially doubled due to >>>> this. This only started happening recently. Network guys sometimes are >>>> like a ticking time bomb and asking them can cause an explosion so i >>>> thought i would ask here. >>>> >>>> >>>> Mike >>>> _______________________________________________ >>>> radiator mailing list >>>> radiator@open.com.au >>>> http://www.open.com.au/mailman/listinfo/radiator >>> -- >>> >>> Hugh Irvine >>> h...@open.com.au >>> >>> Radiator: the most portable, flexible and configurable RADIUS server >>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >>> DIAMETER etc. >>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >>> >>> > > -- > > Hugh Irvine > h...@open.com.au > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. > Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
