Cisco 3.3 User Manual

Page 237


6-47

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 6 User Group Management

Configuration-specific User Group Settings

Step 5

In the Cisco VPN 5000 Concentrator RADIUS Attributes table, select the
attributes that should be authorized for the group by selecting the check box next
to the attribute. Further define the authorization for each attribute in the field next
to it.

For more information about attributes, see Appendix C, “RADIUS Attributes”, or
the documentation for network devices using RADIUS.

Step 6

To save the group settings you have just made, click Submit.

For more information, see Saving Changes to User Group Settings, page 6-56.

Step 7

To continue specifying other group settings, perform other procedures in this
chapter, as applicable.

Configuring Microsoft RADIUS Settings for a User Group

Microsoft RADIUS provides VSAs supporting MPPE, which is an encryption
technology developed by Microsoft to encrypt PPP links. These PPP connections
can be via a dial-in line, or over a VPN tunnel.

To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.
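
Because the override can put RADIUS (Microsoft) attributes on the wire even when they are disabled in the HTML interface, it is worth checking what an Access-Accept actually carries. The following is an added example, not part of the Cisco guide: it decodes the attribute bytes of a captured reply and reports the MPPE settings and any Cisco VPN 3000 VSA 20/21 present. Assumptions: the Microsoft attribute numbers and values come from RFC 2548, vendor ID 3076 is the Cisco VPN 3000 (Altiga) enterprise number, and the sample bytes are constructed.

```python
import struct

VENDOR_MICROSOFT = 311   # RFC 2548 vendor ID
VENDOR_CVPN3000 = 3076   # Cisco VPN 3000 (Altiga) vendor ID; assumption, not on the page
MS_POLICY = {1: "Encryption-Allowed", 2: "Encryption-Required"}  # MS-MPPE-Encryption-Policy (7)
MS_TYPE_BITS = {0x2: "RC4-40bit", 0x4: "RC4-128bit"}             # MS-MPPE-Encryption-Types (8)

def iter_vsas(attrs: bytes):
    """Yield (vendor_id, vendor_type, value) from every Vendor-Specific (26) attribute."""
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        atype, alen = attrs[i], attrs[i + 1]
        body = attrs[i + 2:i + alen]
        i += alen
        if atype != 26 or len(body) < 6:
            continue  # not a VSA, or a VSA too short to hold a sub-attribute
        vendor, j = struct.unpack("!I", body[:4])[0], 4
        while j < len(body):
            if j + 2 > len(body) or body[j + 1] < 2 or j + body[j + 1] > len(body):
                raise ValueError("malformed vendor sub-attribute")
            yield vendor, body[j], body[j + 2:j + body[j + 1]]
            j += body[j + 1]

def mppe_summary(attrs: bytes) -> dict:
    """Summarize MPPE-related VSAs; Cisco VSA 20/21 are only noted as present."""
    out = {"ms_policy": None, "ms_types": None, "cvpn3000_override": []}
    for vendor, vtype, value in iter_vsas(attrs):
        if len(value) != 4:
            continue  # every attribute of interest here is a 32-bit integer
        n = struct.unpack("!I", value)[0]
        if vendor == VENDOR_MICROSOFT and vtype == 7:
            out["ms_policy"] = MS_POLICY.get(n, f"unknown({n})")
        elif vendor == VENDOR_MICROSOFT and vtype == 8:
            out["ms_types"] = [name for bit, name in MS_TYPE_BITS.items() if n & bit]
        elif vendor == VENDOR_CVPN3000 and vtype in (20, 21):
            out["cvpn3000_override"].append(vtype)
    return out

def vsa(vendor: int, vtype: int, n: int) -> bytes:
    """Build one type-26 attribute holding a single 32-bit sub-attribute (test helper)."""
    sub = bytes([vtype, 6]) + struct.pack("!I", n)
    return bytes([26, 6 + len(sub)]) + struct.pack("!I", vendor) + sub

# Constructed sample: Cisco VSA 20 (arbitrary value) plus the Microsoft MPPE pair.
SAMPLE = vsa(VENDOR_CVPN3000, 20, 4) + vsa(VENDOR_MICROSOFT, 7, 2) + vsa(VENDOR_MICROSOFT, 8, 4)

if __name__ == "__main__":
    print(mppe_summary(SAMPLE))
```

A reply where `cvpn3000_override` is non-empty and the Microsoft fields are populated is the override case described above.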

The Microsoft RADIUS attribute configurations appear only when both the
following are true:

• A network device has been configured in Network Configuration that uses a
RADIUS protocol that supports the Microsoft RADIUS VSA.

• Group-level Microsoft RADIUS attributes have been enabled on the RADIUS
(Microsoft) page of the Interface Configuration section.
