Filter
Top Products
Chapter 14 Enhanced Easy VPN
14-4
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Group Authorization and Group User Policies
You can create user groups that each have their own IP address pool, client update
configuration, split tunneling configuration, and other custom settings, These
group attributes are downloaded to the client in that group when they connect to
the Easy VPN server. The same group name must be configured on the clients who
are members of the group to ensure that the correct group attributes are
downloaded.
If group polices have already been configured, they appear in the list in this
window, and you can select them for this connection by checking the Select box
to the left of the group name.
VPN Groups in RADIUS Server Enter the VPN groups configured on the RADIUS server that you
want this connection to give access to. Use a comma to separate
entries. A sample set of entries follows:
WGP-1, WGP-2, ACCTG, CSVC
These names must match the group names configured on the
RADIUS server. For easy administration, they should also match
the group names you configure for the easy VPN clients.
PKI-based user policy download Check PKI-based user policy download if you want the Easy VPN
server to download user-specific attributes from the RADIUS server
and push them to the client during mode configuration. The Easy
VPN server obtains the username from the client’s digital
certificate.
This option is displayed under the following conditions:
• The router runs a Cisco IOS 12.4(4)T or later image.
• You choose digital certificate authentication in the IKE policy
configuration.
• You choose RADIUS or RADIUS and Local group
authorization.
Table 14-1 RADIUS Servers Fields
Element Description