cc/td/doc/product/vpn/vpn3000/3_6
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

General
Configuration | System | General
Configuration | System | General | Identification
Configuration | System | General | Time and Date
Configuration | System | General | Sessions
Configuration | System | General | Global Authentication Parameters

General


General configuration parameters include VPN 3000 Concentrator environment items: system identification, time, and date.

Configuration | System | General

This section of the Manager lets you configure general VPN Concentrator parameters.


Figure 11-1   Configuration | System | General Screen


Configuration | System | General | Identification

This screen lets you configure system identification parameters that are stored in the standard MIB-II system object. Network management systems using SNMP can retrieve this object and identify the system. Configuring this information is optional.


Figure 11-2   Configuration | System | General | Identification Screen


System Name

Enter a system name that uniquely identifies this VPN Concentrator on your network, for example: VPN01. The maximum name length is 255 characters.

Contact

Enter the name of the contact person who is responsible for this VPN Concentrator. The maximum name length is 255 characters.

Location

Enter the location of this VPN Concentrator. The maximum length is 255 characters.

Apply / Cancel

To apply your system identification settings and include them in the active configuration, click Apply. The Manager returns to the Configuration | System | General screen.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your settings, click Cancel. The Manager returns to the Configuration | System | General screen.

Configuration | System | General | Time and Date

This screen lets you set the time and date on the VPN Concentrator. Setting the correct time is very important so that logging and accounting information is accurate.


Figure 11-3   Configuration | System | General | Time and Date Screen


Current Time

The screen shows the current date and time on the VPN Concentrator at the time the screen displays. You can refresh this by redisplaying the screen.

New Time

The values in the New Time fields are the time and date on the browser PC at the time the screen displays. Any entries you make apply to the VPN Concentrator, however.

In the appropriate fields, make any changes. The fields are, in order: Hour : Minute : Second   Month / Day / Year   Time Zone. Click the drop-down menu buttons to select Month and Time Zone.

The time is military time; that is, it is based on a twenty-four hour clock. (For example, 1:00 PM is 13:00:00.)

The time zone selections are offset in hours relative to GMT (Greenwich Mean Time), which is the basis for Internet time synchronization.

Enter the Year as a four-digit number.

Enable DST Support

To enable DST support, check the Enable DST Support check box. During DST (Daylight-Saving Time), clocks are set one hour ahead of standard time. Enabling DST support means that the VPN Concentrator automatically adjusts the time zone for DST or standard time. If your system is in a time zone that uses DST, you must enable DST support.

Apply / Cancel

To apply your time and date settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | General screen.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your settings, click Cancel. The Manager returns to the Configuration | System | General screen.

Configuration | System | General | Sessions

This screen lets you limit the number of simultaneous active sessions to fewer sessions than the VPN Concentrator could potentially support. The maximum number of sessions supported is determined by the hardware and is model-dependent.

Table 11-1   Maximum Sessions for Each VPN Concentrator Model

VPN Concentrator Model Maximum Number of Sessions

3005

100

3015

100

3030

1500

3060

5000

3080

10,000


Figure 11-4   Configuration | System | General | Sessions Screen (Model 3030)


Maximum Active Connections

The maximum number of concurrently active sessions permitted on this VPN Concentrator. Enter a value within the range indicated.

A value of zero (0) in this field means that there is no artificial limit below the maximum number of sessions supported by the hardware. In other words, for a VPN Concentrator 3030, a 0 in this field means that the maximum number of sessions is 1500.

Apply/Cancel

To apply your session settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | General screen.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your settings, click Cancel. The Manager returns to the Configuration | System | General screen.

Configuration | System | General | Global Authentication Parameters

By default, the VPN Concentrator authenticates both software clients and VPN 3002 hardware clients on the basis of their username. For clients to connect, you enter a string of characters (in a username field) as their identification. The VPN Concentrator considers the entire string to be a username and validates users on the basis of the entire string.

The group lookup feature allows clients to be authenticated on the basis of a group in addition to their username. If this feature is enabled, the VPN Concentrator checks the identification string to see if it contains the configured group delimiter. If the string contains the configured group delimiter, the VPN Concentrator interprets it as: UsernameDelimiterGroupname. It interprets the characters to the left of the delimiter as the user name and the characters to the right of the delimiter as the group name. It then authenticates the user on the basis of the group and applies the parameters of the specified group to the user. For example, if the user enters the string "JaneDoe#Cisco", the VPN Concentrator interprets JaneDoe as the user, # as the delimiter, and Cisco as the group. It authenticates the user "JaneDoe" on the basis of the "Cisco" group and applies the Cisco group parameters.

If the string does not contain a group delimiter, the VPN Concentrator considers the entire string to be the user name. It validates users on the basis of the user name alone, and applies the parameters of the tunnel group to the user.


Figure 11-5   Configuration | System | General | Global Authentication Parameters Screen


Enable Group Lookup

Check the Enable Group Lookup check box to enable user authentication on the basis of both user name and group name. Uncheck the check box to disable group lookup.

Group Delimiter

If you configured Enable Group Lookup, click the Group Delimiter drop-down menu and choose one of the following characters to separate the user name from the group name in the authentication string: @, #, or !. The default delimiter is: @.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Fri Apr 18 18:07:17 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.