Network authentication.

Just one question to better understand what I'm going to do.

Among several commands to give the router to permit a VPN Client to authenticate itself, I must give the following statements:

aaa authentication login userauthen local
aaa authorization network groupauthor local

The first one means that for the list userauthen the router must look inside the local database. If the last option were "group" I could specify a RADIUS server. Given what the router must authorize (isakmp parameters), I would like to ask whether I can store isakmp parameters on a RADIUS server.

Thanks, Alex.

Reply to
AM

I don't think you are aware of authentication and authorization. Authorization is for network authorization, i.e. what commands he can issue after he authenticates successfully.

There is no such thing as isakmp authorization. isakmp and ipsec policies will always be configured on the router.

After successfully authenticating the user via radius, you can also specify authorization parameters on the radius server as to what the user is capable of doing.

Reply to
rave

So, does "aaa authorization network groupauthor group radius" have no meaning even if accepted by the router? Does "aaa authorization network groupauthor group radius none" perhaps mean that no network authorization is required?

Alex.

Reply to
AM
