Cisco AV Pair / Client Firewall Cisco VPN

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Thu Oct 25 2007 - 18:41:27 ART


I am facing a problem when I push a policy from my VPN Server (Router 2400 IOS
12.4T).

I mean, how can I make my Cisco 2600 send a policy to my Cisco VPN
Client using RADIUS ACS?

My config is:

ipsec:key-exchange=ike
ipsec:key-exchange=preshared-key
ipsec:max-users=3
ipsec:max-logins=1
ipsec:inacl=split-soporte-tic

But when I add "ipsec:cpp-policy=fw-visanet" or
"ipsec:identity-policy-name=fw-visanet", the CVPN Server does not add a policy
to the Cisco VPN Client. What I have configured inside the CVPN Server is the
following:

#crypto isakmp client firewall fw-visanet required cisco-integrated-client-firewall
   policy central-policy-push access-list in deny-inbound
   policy central-policy-push access-list out only-web

VPN-NOC#sh ip access-lists deny-inbound
Extended IP access list deny-inbound
    10 deny ip any any
VPN-NOC#sh ip access-lists only-web
Extended IP access list only-web
    10 permit tcp any any eq www
    20 permit tcp any any eq 443
    30 permit udp any any eq domain
VPN-NOC#

Please let me know how I can do that.

Regards
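Added example (not part of the original post or of Cisco's own tooling): a small Python checker that reads the Cisco AV pairs returned by RADIUS together with the VPN server's firewall-policy and ACL configuration, and reports attributes pushed more than once and policy or ACL names the configuration never defines. The AV pairs and config lines below are constructed from the values in the post; the ACLs are written as they would appear in the running config rather than in "sh ip access-lists" output.

```python
import re
# Constructed sample: the Cisco AV pairs from the post (one cisco-avpair each),
# including the ipsec:cpp-policy attribute that was being added.
AV_PAIRS = ["ipsec:key-exchange=ike", "ipsec:key-exchange=preshared-key",
            "ipsec:max-users=3", "ipsec:max-logins=1",
            "ipsec:inacl=split-soporte-tic", "ipsec:cpp-policy=fw-visanet"]
# Constructed sample: the firewall policy and ACLs from the post as config lines.
IOS_CONFIG = """\
crypto isakmp client firewall fw-visanet required cisco-integrated-client-firewall
 policy central-policy-push access-list in deny-inbound
 policy central-policy-push access-list out only-web
ip access-list extended deny-inbound
 deny ip any any
ip access-list extended only-web
 permit tcp any any eq www
"""
def parse_av_pairs(pairs):
    # Group 'prefix:attr=value' strings by attribute, keeping every value seen.
    attrs = {}
    for p in pairs:
        key, _, value = p.partition("=")
        attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs
def parse_ios_config(text):
    # Collect firewall policies (mode + push ACLs) and the names of defined ACLs.
    policies, acls, cur = {}, set(), None
    for line in text.splitlines():
        if m := re.match(r"crypto isakmp client firewall (\S+) (required|optional)", line):
            cur = policies.setdefault(m[1], {"mode": m[2], "acls": {}})
        elif cur is not None and (m := re.match(r"\s+policy central-policy-push access-list (in|out) (\S+)", line)):
            cur["acls"][m[1]] = m[2]
        elif m := re.match(r"ip access-list (?:extended|standard) (\S+)", line):
            acls.add(m[1])
            cur = None
    return policies, acls
def check_push_policy(pairs, config_text):
    # Findings: duplicated attributes and names the config excerpt does not define.
    attrs = parse_av_pairs(pairs)
    policies, acls = parse_ios_config(config_text)
    findings = [f"duplicate attribute {k}: {v}" for k, v in attrs.items() if len(v) > 1]
    findings += [f"inacl {n} not defined in config" for n in attrs.get("ipsec:inacl", []) if n not in acls]
    for name in attrs.get("ipsec:cpp-policy", []):
        pol = policies.get(name)
        if pol is None:
            findings.append(f"cpp-policy {name} has no crypto isakmp client firewall entry")
        else:
            findings += [f"cpp-policy {name} pushes undefined ACL {a} ({d})"
                         for d, a in pol["acls"].items() if a not in acls]
    return findings
```

On the post's values the checker flags the twice-set ipsec:key-exchange attribute and the split-soporte-tic ACL that the excerpt does not define, while fw-visanet resolves cleanly to its two push ACLs.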



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:18 ART