000025516 - How to set user RADIUS profile to include Cisco vendor-specific DNS servers (primary and secondary)

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025516
Applies To: RSA ACE/Server
RADIUS
Cisco VPN 3000 Concentrator
Vendor-Specific Attribute (VSA)
Issue: How to set user RADIUS profile to include Cisco vendor-specific DNS servers (primary and secondary)
User does not have (but needs) a Primary DNS set in RADIUS profile
Cisco VPN Concentrator does not work with the Ascend Primary DNS attribute number of 135 set in user profile
Resolution: Start ACE/Server Administration and follow the example below:

1. Choose to edit or add a profile.

2. From the left-hand table, choose Vendor-Specific and press the "Add Attribute" button.

3. In the pop-up box, set the Value type to String Value.

4. Enter value: 9 1 "ip:dns-servers=192.168.1.20"

5. Click the OK button.

If more than one DNS server IP address is needed, separate the IP addresses with a space character as shown below:

    9 1 "ip:dns-servers=192.168.1.20 192.168.2.21"

As an example, when adding the vendor-specific attribute into the ACE/Server user profile, the Primary DNS should look like the following:

    3076 1 "ip:CVPN3000-Primary-DNS=192.168.2.23"

and for the secondary DNS:

    3076 1 "ip:CVPN3000-Secondary-DNS=192.168.4.22"
Workaround: The general Cisco Vendor ID is 9, but the Cisco VPN Concentrator has its own Vendor ID of 3076. See the Cisco web site at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007deec.html#664 for more information.
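To check what a profile entry puts on the wire, the following added example (not part of the RSA article) parses an entry, validates the DNS addresses, and builds the RADIUS Vendor-Specific attribute (type 26, RFC 2865) for comparison with a packet capture. It assumes the entry format is vendor ID, vendor attribute number, then the quoted string; the function names are hypothetical.

```python
import ipaddress
import re
import struct

VSA_TYPE = 26  # RADIUS Vendor-Specific attribute, RFC 2865 section 5.26
# Assumed entry format: <vendor-id> <vendor-attribute-number> "<string>"
LINE_RE = re.compile(r'^\s*(\d+)\s+(\d+)\s+"([^"]*)"\s*$')


def parse_profile_value(line):
    """Split a profile entry into (vendor_id, vendor_type, text)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("expected <vendor-id> <vendor-type> \"<string>\"")
    vendor_id, vendor_type, text = int(m.group(1)), int(m.group(2)), m.group(3)
    if vendor_id >= 1 << 24 or not 1 <= vendor_type <= 255:
        raise ValueError("vendor id or vendor type out of range")
    return vendor_id, vendor_type, text


def dns_servers(text):
    """Return the IPv4 addresses after '='; a bad address raises ValueError."""
    _, sep, value = text.partition("=")
    if not sep or not value.split():
        raise ValueError("no address after '=' in %r" % text)
    return [ipaddress.IPv4Address(tok) for tok in value.split()]


def encode_vsa(vendor_id, vendor_type, text):
    """Build the on-the-wire attribute: 26, len, vendor id, sub-attribute."""
    data = text.encode("ascii")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    if len(sub) + 6 > 255:
        raise ValueError("attribute would exceed 255 octets")
    return struct.pack("!BBI", VSA_TYPE, len(sub) + 6, vendor_id) + sub


if __name__ == "__main__":
    # Entries copied from the article above.
    for entry in ('9 1 "ip:dns-servers=192.168.1.20 192.168.2.21"',
                  '3076 1 "ip:CVPN3000-Primary-DNS=192.168.2.23"'):
        vid, vtype, text = parse_profile_value(entry)
        print(vid, vtype, [str(a) for a in dns_servers(text)],
              encode_vsa(vid, vtype, text).hex())
```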
Legacy Article ID: a20662
