RADIUS Attributes Reference
RADIUS ATTRIBUTES REFERENCE GUIDE
RELEASE 14.0.R4
3HE 10793 AAAB TQZZA 01 Issue: 01
 
26-6527-10 Alc-Secondary-Dns The IPv4 DNS server address to be assigned to an IKEv2
remote-access tunnel client via IKEv2 configuration payload:
INTERNAL_IP4_DNS. Up to four DNS server addresses can be
returned to a client, including Alc-Primary-Dns, Alc-Secondary-Dns,
Alc-Ipv6-Primary-Dns and Alc-Ipv6-Secondary-Dns.
26-6527-61 Alc-IPsec-Serv-Id IPSec private service ID, used by an IKEv1/v2 remote-access tunnel.
It refers to the preconfigured VPRN where the IPSec tunnel terminates
(configure service vprn service-id). A default private service is used
when this attribute is omitted (configure service vprn interface sap
ipsec-gw default-secure-service). If the returned service ID does not exist,
is out of limits, or exists but is not a VPRN service, the tunnel setup will fail.
26-6527-62 Alc-IPsec-Interface Private IPSec interface name, used by an IKEv1/v2 remote-access tunnel.
It refers to a preconfigured private ipsec interface where the IPSec tunnel
terminates (config>service>vprn>interface int-name tunnel). A
default private interface is used when this attribute is omitted
(config>service>ies>if>sap>ipsec-gw>default-secure-service
service-id interface ip-int-name). The maximum length is 32 bytes. If the
returned interface does not exist, exceeds the maximum length, or exists
but is not a private ipsec interface, the tunnel setup will fail.
26-6527-63 Alc-IPsec-Tunnel-Template-Id IPSec tunnel-template ID, used by an IKEv1/v2 remote-access tunnel.
It refers to a preconfigured ipsec tunnel-template (configure ipsec
tunnel-template ipsec template identifier). A default tunnel-template is
used when this attribute is omitted (configure service vprn interface
sap ipsec-gw default-tunnel-template template-id). If the returned
template does not exist or exceeds the limits, the tunnel setup will fail.
26-6527-64 Alc-IPsec-SA-Lifetime IPSec phase2 SA lifetime in seconds, used by an IKEv1/v2 remote-access
tunnel. A preconfigured value is used when this attribute is omitted
(configure ipsec ike-policy policy-id ipsec-lifetime ipsec-lifetime).
Values outside the Limits are treated as a tunnel setup failure.
26-6527-65 Alc-IPsec-SA-PFS-Group IPSec PFS group ID, used by an IKEv1/v2 remote-access tunnel. The PFS
group in ike-policy is used when this attribute is omitted (configure
ipsec ike-policy policy-id pfs dh-group grp-id). If the returned value is
not one of the allowed values, the tunnel setup will fail.
26-6527-66 Alc-IPsec-SA-Encr-Algorithm IPSec phase2 SA encryption algorithm, used by an IKEv1/v2
remote-access tunnel. The esp-encryption-algorithm in ipsec-transform is used
when this attribute is omitted (configure ipsec ipsec-transform
esp-encryption-algorithm algo). This attribute must be used along with
Alc-IPsec-SA-Auth-Algorithm, otherwise tunnel setup will fail. Values
different than the Limits are treated as a setup failure.
Table 48 IPSec (Description) (Continued)
Attribute ID Attribute Name Description
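
The failure conditions this page states for Alc-IPsec-Interface and Alc-IPsec-SA-Encr-Algorithm can be checked against a RADIUS reply before it reaches the gateway. The Python below is an added example, not part of the guide: it decodes vendor 6527 sub-attributes from Vendor-Specific (type 26) attributes as laid out in RFC 2865. Assumptions: vendor type 67 for Alc-IPsec-SA-Auth-Algorithm (not listed on this page), 4-byte integer encoding of numeric values, and the constructed sample replies; the numeric Limits are not on this page, so no range checks are made.

```python
import struct

NOKIA_VENDOR_ID = 6527  # the "6527" in the 26-6527-NN attribute IDs
# Vendor types from this page; 67 is an assumption (not listed on this page).
NAMES = {61: "Alc-IPsec-Serv-Id", 62: "Alc-IPsec-Interface",
         63: "Alc-IPsec-Tunnel-Template-Id", 64: "Alc-IPsec-SA-Lifetime",
         65: "Alc-IPsec-SA-PFS-Group", 66: "Alc-IPsec-SA-Encr-Algorithm",
         67: "Alc-IPsec-SA-Auth-Algorithm"}

def vsa(vendor_type, value):
    """Encode one Vendor-Specific attribute (RFC 2865, section 5.26)."""
    sub = bytes([vendor_type, 2 + len(value)]) + value
    return bytes([26, 6 + len(sub)]) + struct.pack("!I", NOKIA_VENDOR_ID) + sub

def parse_nokia_vsas(attrs):
    """Return {vendor_type: value} for vendor 6527 from a RADIUS attribute list."""
    found, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length at offset %d" % pos)
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != 26 or len(body) < 4 or struct.unpack("!I", body[:4])[0] != NOKIA_VENDOR_ID:
            continue  # not a vendor 6527 VSA
        sub = body[4:]
        while len(sub) >= 2:  # one VSA may carry several sub-attributes
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found[vtype] = sub[2:vlen]
            sub = sub[vlen:]
    return found

def check_ipsec_reply(attrs):
    """List the conditions described on this page that would fail tunnel setup."""
    vsas, problems = parse_nokia_vsas(attrs), []
    if 66 in vsas and 67 not in vsas:
        problems.append(f"{NAMES[66]} returned without {NAMES[67]}")
    if len(vsas.get(62, b"")) > 32:
        problems.append(f"{NAMES[62]} longer than 32 bytes")
    return problems

# Constructed sample replies (not captured traffic); GOOD starts with Framed-IP-Address.
GOOD = bytes([8, 6, 10, 0, 0, 1]) + vsa(61, struct.pack("!I", 300)) + vsa(62, b"priv-tunnel-if")
BAD = vsa(62, b"x" * 33) + vsa(66, struct.pack("!I", 3))
```

Here check_ipsec_reply(GOOD) returns an empty list, and check_ipsec_reply(BAD) reports both the unpaired encryption algorithm and the over-long interface name.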