Cisco Systems 3.3 Manual De Usuario
7-47
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 7 User Management
Advanced User Authentication Settings
Step 3
In the Cisco VPN 5000 Concentrator Attribute table, to specify the attributes that
should be authorized for the user, follow these steps:
should be authorized for the user, follow these steps:
a.
Select the check box next to the particular attribute.
b.
Further define the authorization for that attribute in the box next to it.
c.
Continue to select and define attributes, as applicable.
For more information about attributes, see
, or your AAA client documentation.
Step 4
Do one of the following:
•
If you are finished configuring the user account options, click Submit to
record the options.
record the options.
•
To continue to specify the user account options, perform other procedures in
this chapter, as applicable.
this chapter, as applicable.
Setting Microsoft RADIUS Parameters for a User
Microsoft RADIUS provides VSAs supporting Microsoft Point-to-Point
Encryption (MPPE), which is an encryption technology developed by Microsoft
to encrypt point-to-point (PPP) links. These PPP connections can be via a dial-in
line, or over a Virtual Private Network (VPN) tunnel.
Encryption (MPPE), which is an encryption technology developed by Microsoft
to encrypt point-to-point (PPP) links. These PPP connections can be via a dial-in
line, or over a Virtual Private Network (VPN) tunnel.
To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.