Article Content
Article Number | 000025516 |
Applies To | RSA ACE/Server RADIUS Cisco VPN 3000 Concentrator Vendor-Specific Attribute (VSA) |
Issue | How to set user RADIUS profile to include Cisco vendor-specific DNS servers (primary and secondary) User does not have (but needs) a Primary DNS set in RADIUS profile Cisco VPN Concentrator does not work with the Ascend Primary DNS attribute number of 135 set in user profile |
Resolution | Start ACE/Server Administration and follow example below: 1. Choose to edit or add Profile 2. From left hand table, choose Vendor-Specific and press button "Add Attribute" 3. In pop-up box, choose Value type to be String Value 4. Enter value: 9 1 "ip:dns-servers=192.168.1.20" 5. Click OK button If there is a need to enter more than one DNS Server IP address, then separate the IP addresses with space character as shown below: 9 1 "ip:dns-servers=192.168.1.20 192.168.2.21" As an example, when adding the vendor-specific attribute into the ACE/Server user profile, the Primary DNS should look like the following: 3076 1 "ip:CVPN3000-Primary-DNS=192.168.2.23" and for the secondary DNS: 3076 1 "ip:CVPN3000-Secondary-DNS=192.168.4.22" |
Workaround | The general Cisco Vendor ID is 9, but Cisco VPN Concentrator has its own Vendor ID of 3076. See the Cisco web site at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007deec.html#664 for more information. |
Legacy Article ID | a20662 |