Cisco 3.3 User Manual

Page 234

Advertising
background image

Chapter 6 User Group Management

Configuration-specific User Group Settings

6-44

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 3

From the Group list, select a group, and then click Edit Settings.

The Group Settings page displays the name of the group at its top.

Step 4

From the Jump To list at the top of the page, choose RADIUS (Ascend).

Step 5

In the Ascend RADIUS Attributes table, determine the attributes to be authorized
for the group by selecting the check box next to the attribute. Be sure to define the
authorization for that attribute in the field next to it. For more information about
attributes, see

Appendix C, “RADIUS Attributes”

, or your AAA client

documentation.

Step 6

To save the group settings you have just made, click Submit.

For more information, see

Saving Changes to User Group Settings, page 6-56

.

Step 7

To continue specifying other group settings, perform other procedures in this
chapter, as applicable.

Configuring Cisco VPN 3000 Concentrator RADIUS Settings for a
User Group

To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.

The Cisco VPN 3000 Concentrator RADIUS attribute configurations appear only
if both the following are true:

A AAA client has been configured to use RADIUS (Cisco VPN 3000) in
Network Configuration.

Group-level RADIUS (Cisco VPN 3000) attributes have been enabled on the
RADIUS (Cisco VPN 3000) page of the Interface Configuration section.

Advertising