Cisco 3845 security bundle : VPN question

Hello,

I'm trying to combine the MODECFG attributes from a user profile from radius with the attributes from the isakmp group on the VPN device (3845 security bundle with IOS 12.4(9)T). Unfortunately it's not working. If I put all the attributes in the user profile, the client receives all the attributes. If I put all the attributes in the "isakmp client configuration group", the client receives all the attributes.

When I combine both (user profile and "isakmp client configuration group"), the client receives only the user profile attributes.

An article on the ciscopress indicates that it is possible to combine both :

> The attributes may also be applied on a per-user basis. > A user attribute overrides a group attribute value. > These attributes are retrieved at the time user authentication > occurs using XAUTH, and are then combined with group > attributes and applied during Mode-Configuration.

Thanks in advance for your help

RADIUS configuration for user user7 :

user7 Password = "passwd" ipsec:addr-pool=group99 ipsec:default-domain=domain.domain

device configuration :

aaa new-model ! ! aaa group server radius USERAUTHENGROUPRADIUS server x.x.x.x auth-port 1812 acct-port 1813 ! aaa authentication login userauthen group USERAUTHENGROUPRADIUS local aaa authorization network groupauthor local

crypto isakmp client configuration group vpngroup0 key cisco dns x.x.x.x domain domain.domain max-logins 1 acl SPLIT-TUNNEL

crypto ipsec transform-set vpntransformset esp-aes 256 esp-sha-hmac ! crypto dynamic-map vpndynamicmap 10 set transform-set vpntransformset reverse-route ! ! crypto map vpnclientmap client authentication list userauthen crypto map vpnclientmap isakmp authorization list groupauthor crypto map vpnclientmap client configuration address respond crypto map vpnclientmap 10 ipsec-isakmp dynamic vpndynamicmap