Attributes Sent to the RADIUS Server
RADIUS attributes 146 and 150 are sent from the FDM-managed device to the RADIUS server for authentication and authorization requests. All the following attributes are sent from the FDM-managed device to the RADIUS server for accounting start, interim-update, and stop requests.
Attribute | Attribute Number | Syntax, Type | Single or Multi-valued | Description or Value |
---|---|---|---|---|
Client Type | 150 | Integer | Single | The type of client that is connecting to the VPN: 2 = AnyConnect Client SSL VPN |
Session Type | 151 | Integer | Single | The type of connection: 1 = AnyConnect Client SSL VPN |
Tunnel Group Name | 146 | String | Single | The name of the connection profile that was used for establishing the session, as defined on the FDM-managed device. The name can be 1 - 253 characters. |
Attributes Received from the RADIUS Server
The following user authorization attributes are sent to the FDM-managed device from the RADIUS server.
Attribute | Attribute Number | Syntax, Type | Single or Multi-valued | Description or Value |
---|---|---|---|---|
Access-List-Inbound | 86 | String | Single | Both Access-List attributes take the name of an ACL that is configured on the FDM-managed device. Create these ACLs in firewall device manager using the Smart CLI Extended Access List object type (Log in to firewall device manager and select Device > Advanced Configuration > Smart CLI > Objects). These ACLs control traffic flow in the inbound (traffic entering the FDM-managed device) or outbound (traffic leaving the FDM-managed device) direction. |
Access-List-Outbound | 87 | String | Single | |
Address-Pools | 217 | String | Single | The name of a network object defined on the FDM-managed device that identifies a subnet, which will be used as the address pool for clients connecting to the RA VPN. Define the network object on the Objects page. |
Banner1 | 15 | String | Single | The banner to display when the user logs in. |
Banner2 | 36 | String | Single | The second part of the banner to display when the user logs in. Banner2 is appended to Banner1. |
Group-Policy | 25 | String | Single | The group policy to use in the connection. You must create the group policy on the RA VPN Group Policy page. You can use one of the following formats: |
Simultaneous-Logins | 2 | Integer | Single | The number of separate simultaneous connections the user can establish, 0 - 2147483647. |
VLAN | 140 | Integer | Single | The VLAN on which to confine the user's connection, 0 - 4094. You must also configure this VLAN on a subinterface on the FDM-managed device. |
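
An added example, not part of the original documentation: a pre-deployment check that validates a set of authorization attributes against the numbers, types, single-valued rule and ranges in the table above, before the values are configured on the RADIUS server. The function names and the sample values are hypothetical.

```python
# name -> (attribute number, syntax, inclusive integer range), from the table above
AUTHZ_ATTRS = {
    "Access-List-Inbound": (86, "String", None),
    "Access-List-Outbound": (87, "String", None),
    "Address-Pools": (217, "String", None),
    "Banner1": (15, "String", None),
    "Banner2": (36, "String", None),
    "Group-Policy": (25, "String", None),
    "Simultaneous-Logins": (2, "Integer", (0, 2147483647)),
    "VLAN": (140, "Integer", (0, 4094)),
}

def validate_reply(pairs):
    """Return (effective, errors) for (name, value) pairs meant for a reply."""
    effective, errors, seen = {}, [], set()
    for name, value in pairs:
        if name not in AUTHZ_ATTRS:
            errors.append(f"{name}: not a listed authorization attribute")
            continue
        number, syntax, bounds = AUTHZ_ATTRS[name]
        if name in seen:  # every attribute in the table is single-valued
            errors.append(f"{name} ({number}): single-valued, sent again")
            continue
        seen.add(name)
        if syntax == "Integer":
            if isinstance(value, bool) or not isinstance(value, int):  # bool is an int subclass
                errors.append(f"{name} ({number}): expected Integer")
            elif not bounds[0] <= value <= bounds[1]:
                errors.append(f"{name} ({number}): {value} is outside {bounds[0]} - {bounds[1]}")
            else:
                effective[name] = value
        elif isinstance(value, str):
            effective[name] = value
        else:
            errors.append(f"{name} ({number}): expected String")
    return effective, errors

def login_banner(effective):
    return effective.get("Banner1", "") + effective.get("Banner2", "")  # Banner2 is appended to Banner1

# Constructed sample reply; every name and value below is made up for illustration.
SAMPLE = [
    ("Group-Policy", "Contractors"), ("Access-List-Inbound", "contractor-in"),
    ("VLAN", 4095), ("Simultaneous-Logins", 1), ("Simultaneous-Logins", 3),
    ("Banner1", "Authorized use only. "), ("Banner2", "Sessions are logged."),
    ("Session Type", 1),  # listed only among the attributes sent to the server
]

if __name__ == "__main__":
    print(validate_reply(SAMPLE))
```

The check covers only what the table states; whether a named ACL, group policy, network object or VLAN subinterface actually exists on the FDM-managed device still has to be confirmed on the device.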