|Applies To||RSA ACE/Server|
Cisco VPN 3000 Concentrator
Vendor-Specific Attribute (VSA)
|Issue||How to set user RADIUS profile to include Cisco vendor-specific DNS servers (primary and secondary)|
User does not have (but needs) a Primary DNS set in RADIUS profile
Cisco VPN Concentrator does not work with the Ascend Primary DNS attribute number of 135 set in user profile
|Resolution||Start ACE/Server Administration and follow example below:|
1. Choose to edit or add Profile
2. From left hand table, choose Vendor-Specific and press button "Add Attribute"
3. In pop-up box, choose Value type to be String Value
4. Enter value: 9 1 "ip:dns-servers=192.168.1.20"
5. Click OK button
If there is a need to enter more than one DNS Server IP address, then separate the IP addresses with space character as shown below:
9 1 "ip:dns-servers=192.168.1.20 192.168.2.21"
As an example, when adding the vendor-specific attribute into the ACE/Server user profile, the Primary DNS should look like the following:
3076 1 "ip:CVPN3000-Primary-DNS=192.168.2.23"
and for the secondary DNS:
3076 1 "ip:CVPN3000-Secondary-DNS=192.168.4.22"
|Workaround||The general Cisco Vendor ID is 9, but Cisco VPN Concentrator has its own Vendor ID of 3076. See the Cisco web site at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007deec.html#664|
for more information.
|Legacy Article ID||a20662|