Cisco Systems 3.3 Manual De Usuario
6-47
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Step 5
In the Cisco VPN 5000 Concentrator RADIUS Attributes table, select the
attributes that should be authorized for the group by selecting the check box next
to the attribute. Further define the authorization for each attribute in the field next
to it.
attributes that should be authorized for the group by selecting the check box next
to the attribute. Further define the authorization for each attribute in the field next
to it.
For more information about attributes, see
, or
the documentation for network devices using RADIUS.
Step 6
To save the group settings you have just made, click Submit.
For more information, see
Step 7
To continue specifying other group settings, perform other procedures in this
chapter, as applicable.
chapter, as applicable.
Configuring Microsoft RADIUS Settings for a User Group
Microsoft RADIUS provides VSAs supporting MPPE, which is an encryption
technology developed by Microsoft to encrypt PPP links. These PPP connections
can be via a dial-in line, or over a VPN tunnel.
technology developed by Microsoft to encrypt PPP links. These PPP connections
can be via a dial-in line, or over a VPN tunnel.
To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.
The Microsoft RADIUS attribute configurations appear only when both the
following are true:
following are true:
•
A network device has been configured in Network Configuration that uses a
RADIUS protocol that supports the Microsoft RADIUS VSA.
RADIUS protocol that supports the Microsoft RADIUS VSA.
•
Group-level Microsoft RADIUS attributes have been enabled on the RADIUS
(Microsoft) page of the Interface Configuration section.
(Microsoft) page of the Interface Configuration section.