Appendix E Cisco Secure ACS and Virtual Private Dial-up Networks
VPDN Process
E-2
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Figure E-1 VPDN User Dials In
2. If VPDN is enabled, the NAS assumes that the user is a VPDN user. The NAS strips off the “username@” (mary@) portion of the username and authorizes (not authenticates) the domain portion (corporation.us) with the ACS. See Figure E-2.
Figure E-2 NAS Attempts to Authorize Domain
3. If the domain authorization fails, the NAS assumes the user is not a VPDN user. The NAS then authenticates (not authorizes) the user as if the user is a standard non-VPDN dial user. See Figure E-3.
[Figure E-1 diagram labels: VPDN user (User = mary@corporation.us), Call setup / PPP setup (Username = mary@corporation.us), RSP, ACS, Corporation.]
[Figure E-2 diagram labels: VPDN user (User = mary@corporation.us), Authorization request (User = corporation.us), RSP, ACS, Corporation.]
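The decision the NAS makes in steps 2 and 3, modeled as an added Python example (not Cisco code and not part of the original guide). The function names, the `Decision` record, the domain and user tables, and the handling of usernames without a domain or with more than one "@" are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data standing in for the ACS databases; not from a real deployment.
ACS_VPDN_DOMAINS = {"corporation.us"}            # domains the ACS authorizes
DIAL_USERS = {"bob": "s3cret",                   # standard non-VPDN dial users
              "eve@unknown.example": "pw"}

@dataclass(frozen=True)
class Decision:
    path: str        # "vpdn" (step 2 succeeded) or "dial" (step 3 fallback)
    acs_query: str   # the name the NAS presents to the ACS
    accepted: bool

def domain_of(username):
    """Return the text after the last '@', or None when there is no domain."""
    # Assumption: split on the last '@'; the guide only shows the single-'@' case.
    _, sep, domain = username.rpartition("@")
    return domain if sep and domain else None

def nas_handle_call(username, password, vpdn_enabled=True):
    """Model steps 2 and 3: authorize the domain, else authenticate the user."""
    # Assumption: a name with no domain part skips the VPDN authorization attempt.
    domain = domain_of(username) if vpdn_enabled else None
    # Step 2: the domain is authorized, not authenticated. The "username@"
    # part and the password play no role in this request.
    if domain is not None and domain in ACS_VPDN_DOMAINS:
        return Decision("vpdn", domain, True)
    # Step 3: authorization failed, so the full username is authenticated
    # as a standard non-VPDN dial user.
    expected = DIAL_USERS.get(username)
    ok = expected is not None and hmac.compare_digest(expected, password)
    return Decision("dial", username, ok)

if __name__ == "__main__":
    for name, pw in [("mary@corporation.us", "anything"), ("bob", "s3cret"),
                     ("bob", "wrong"), ("eve@unknown.example", "pw")]:
        print(name, "->", nas_handle_call(name, pw))
```

The `acs_query` field shows which name reaches the ACS on each path: only the domain in step 2, the full username in step 3.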