Microsoft mppe dictionary of radius vsas – Cisco 3.3 User Manual
Page 700
Appendix C RADIUS Attributes
Microsoft MPPE Dictionary of RADIUS VSAs
C-28
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Microsoft MPPE Dictionary of RADIUS VSAs
Cisco Secure ACS supports the Microsoft RADIUS VSAs used for Microsoft
Point-to-Point Encryption (MPPE). The vendor ID for this Microsoft RADIUS
Implementation is 311. MPPE is an encryption technology developed by
Microsoft to encrypt point-to-point (PPP) links. These PPP connections can be via
a dial-up line, or over a VPN tunnel such as PPTP. MPPE is supported by several
RADIUS network device vendors that Cisco Secure ACS supports. The following
Cisco Secure ACS RADIUS protocols support the Microsoft RADIUS VSAs:
•
Cisco IOS
•
Cisco VPN 3000
•
Ascend
To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.
lists the supported MPPE RADIUS VSAs.
Table C-7
Microsoft MPPE RADIUS VSAs
Number
Attribute
Type of
Value
Description
Inbound/
Outbound
Multiple
1
MS-CHAP-
Response
String
—
Inbound
No
2
MS-CHAP-
Error
String
—
Outbound No
3
MS-CHAP-
CPW-1
String
—
Inbound
No
4
MS-CHAP-
CPW-2
String
—
Inbound
No