Appendix F Cisco Secure ACS and Virtual Private Dial-up Networks
VPDN Process
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Figure F-1 VPDN User Dials In
2. If VPDN is enabled, the NAS assumes that the user is a VPDN user. The NAS
strips off the username@ (mary@) portion of the username and authorizes
(not authenticates) the domain portion (corporation.us) with the ACS. See
Figure F-2.
Figure F-2 NAS Attempts to Authorize Domain
3. If the domain authorization fails, the NAS assumes the user is not a VPDN
user. The NAS then authenticates (not authorizes) the user as if the user is a
standard non-VPDN dial user. See Figure F-3.
[Diagram labels from Figures F-1 and F-2: Corporation; VPDN user, User = mary@corporation.us; Call setup / PPP setup, Username = mary@corporation.us; Authorization request, User = corporation.us; ACS; RSP.]