beautypg.com

Cisco 3.3 User Manual

Page 290

background image

Chapter 7 User Management

Advanced User Authentication Settings

7-44

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

For more information about attributes, see

Appendix C, “RADIUS

Attributes”

, or your AAA client documentation.

Step 4

Do one of the following:

If you are finished configuring the user account options, click Submit to
record the options.

To continue to specify the user account options, perform other procedures in
this chapter, as applicable.

Setting Cisco VPN 3000 Concentrator RADIUS Parameters for a User

To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.

The Cisco VPN 3000 Concentrator RADIUS attribute configurations appear only
if all the following are true:

A AAA client is configured to use RADIUS (Cisco VPN 3000) in Network
Configuration.

The Per-user TACACS+/RADIUS Attributes check box is selected under
Advanced Options in the Interface Configuration section.

User-level RADIUS (Cisco VPN 3000) attributes you want to apply are
enabled under RADIUS (Cisco VPN 3000) in the Interface Configuration
section.

Cisco VPN 3000 Concentrator RADIUS represents only the Cisco VPN 3000
Concentrator VSA. You must configure both the IETF RADIUS and Cisco VPN
3000 Concentrator RADIUS attributes.