Hello,
I'm trying to combine the MODECFG attributes from a user profile from radius with the attributes from the isakmp group on the VPN device (3845 security bundle with IOS 12.4(9)T). Unfortunately it's not working. If I put all the attributes in the user profile, the client receives all the attributes. If I put all the attributes in the "isakmp client configuration group", the client receives all the attributes.
When I combine both (user profile and "isakmp client configuration group"), the client receives only the user profile attributes.
An article on the ciscopress indicates that it is possible to combine both :
Thanks in advance for your help
RADIUS configuration for user user7 :
user7 Password = "passwd" ipsec:addr-pool=group99 ipsec:default-domain=domain.domain
device configuration :
aaa new-model ! ! aaa group server radius USERAUTHENGROUPRADIUS server x.x.x.x auth-port 1812 acct-port 1813 ! aaa authentication login userauthen group USERAUTHENGROUPRADIUS local aaa authorization network groupauthor local
crypto isakmp client configuration group vpngroup0 key cisco dns x.x.x.x domain domain.domain max-logins 1 acl SPLIT-TUNNEL
crypto ipsec transform-set vpntransformset esp-aes 256 esp-sha-hmac ! crypto dynamic-map vpndynamicmap 10 set transform-set vpntransformset reverse-route ! ! crypto map vpnclientmap client authentication list userauthen crypto map vpnclientmap isakmp authorization list groupauthor crypto map vpnclientmap client configuration address respond crypto map vpnclientmap 10 ipsec-isakmp dynamic vpndynamicmap