
Posts

Showing posts from November, 2014

Remote Access VPN (IPsec) - IOS - radius (ISE)

Today I change the configuration from my previous post: instead of ACS I will add ISE (version 1.1). First modification:

    !
    radius-server host 192.168.202.152 key cisco123
    !

Next I add a new network device on ISE:

In the next step I add a new user group and then a new user: “ezvpn”

And now the new user:

Now it’s time to add a new authorization profile with radius attributes:

And then a new Authorization Profile:

When I try to connect I see the following log messages:

    *Nov 24 20:17:04.534: RADIUS/ENCODE(00000086):Orig. component type = VPN IPSEC
    *Nov 24 20:17:04.538: RADIUS: AAA Unsupported Attr: interface [221] 8 1767295532
    *Nov 24 20:17:04.538: RADIUS(00000086): Config NAS IP: 0.0.0.0
    *Nov 24 20:17:04.542: RADIUS(00000086): Config NAS IPv6: ::
    *Nov 24 20:17:04.542: RADIUS/ENCODE(00000086): acct_session_id: 123
    *Nov 24 20:1

Encryption Algorithm and Hash Functions Cheat Sheet

I decided to gather some information about encryption algorithms and hash functions in one place. I will try to update this post regularly.

Remote Access VPN (IPsec) - IOS - radius (ACS)

Two posts earlier I mentioned another way to control traffic in the VPN tunnel: a downloadable access list. This way is the most flexible because we can define different policies per user or group. The static control I implemented together with the isakmp and ipsec policies allows only one access list. Today I add a radius server to the existing configuration you can find here. I start with a new aaa configuration:

    !
    radius-server host 192.168.202.151 key cisco123
    !
    !
    aaa authentication login USERS group radius
    aaa authorization network AUTH-LIST group radius
    !

On ACS I need to add a Network Device:

Next I need to add a new user – ezvpn:

My ezVPN configuration:

    !
    crypto isakmp policy 1
     encr aes
     authentication pre-share
     group 2
    crypto isakmp client configuration address-pool local POOL
    !
    crypto isakmp client configuration group ezvpn
     key cisco
     pool POOL
     acl 101
    crypto isakmp profile ISAKMP-PRF
     match identity group e