|
General configuration parameters include VPN 3000 Concentrator environment items: system identification, time, and date.
This section of the Manager lets you configure general VPN Concentrator parameters.
This screen lets you configure system identification parameters that are stored in the standard MIB-II system object. Network management systems using SNMP can retrieve this object and identify the system. Configuring this information is optional.
Enter a system name that uniquely identifies this VPN Concentrator on your network, for example: VPN01. The maximum name length is 255 characters.
Enter the name of the contact person who is responsible for this VPN Concentrator. The maximum name length is 255 characters.
Enter the location of this VPN Concentrator. The maximum length is 255 characters.
To apply your system identification settings and include them in the active configuration, click Apply. The Manager returns to the Configuration | System | General screen.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your settings, click Cancel. The Manager returns to the Configuration | System | General screen.
This screen lets you set the time and date on the VPN Concentrator. Setting the correct time is very important so that logging and accounting information is accurate.
The screen shows the current date and time on the VPN Concentrator at the time the screen displays. You can refresh this by redisplaying the screen.
The values in the New Time fields are the time and date on the browser PC at the time the screen displays. Any entries you make apply to the VPN Concentrator, however.
In the appropriate fields, make any changes. The fields are, in order: Hour : Minute : Second Month / Day / Year Time Zone. Click the drop-down menu buttons to select Month and Time Zone.
The time is military time; that is, it is based on a twenty-four hour clock. (For example, 1:00 PM is 13:00:00.)
The time zone selections are offset in hours relative to GMT (Greenwich Mean Time), which is the basis for Internet time synchronization.
Enter the Year as a four-digit number.
To enable DST support, check the Enable DST Support check box. During DST (Daylight-Saving Time), clocks are set one hour ahead of standard time. Enabling DST support means that the VPN Concentrator automatically adjusts the time zone for DST or standard time. If your system is in a time zone that uses DST, you must enable DST support.
To apply your time and date settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | General screen.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your settings, click Cancel. The Manager returns to the Configuration | System | General screen.
This screen lets you limit the number of simultaneous active sessions to fewer sessions than the VPN Concentrator could potentially support. The maximum number of sessions supported is determined by the hardware and is model-dependent.
Table 11-1 Maximum Sessions for Each VPN Concentrator Model
VPN Concentrator Model | Maximum Number of Sessions |
---|---|
The maximum number of concurrently active sessions permitted on this VPN Concentrator. Enter a value within the range indicated.
A value of zero (0) in this field means that there is no artificial limit below the maximum number of sessions supported by the hardware. In other words, for a VPN Concentrator 3030, a 0 in this field means that the maximum number of sessions is 1500.
To apply your session settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | General screen.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your settings, click Cancel. The Manager returns to the Configuration | System | General screen.
By default, the VPN Concentrator authenticates both software clients and VPN 3002 hardware clients on the basis of their username. For clients to connect, you enter a string of characters (in a username field) as their identification. The VPN Concentrator considers the entire string to be a username and validates users on the basis of the entire string.
The group lookup feature allows clients to be authenticated on the basis of a group in addition to their username. If this feature is enabled, the VPN Concentrator checks the identification string to see if it contains the configured group delimiter. If the string contains the configured group delimiter, the VPN Concentrator interprets it as: UsernameDelimiterGroupname. It interprets the characters to the left of the delimiter as the user name and the characters to the right of the delimiter as the group name. It then authenticates the user on the basis of the group and applies the parameters of the specified group to the user. For example, if the user enters the string "JaneDoe#Cisco", the VPN Concentrator interprets JaneDoe as the user, # as the delimiter, and Cisco as the group. It authenticates the user "JaneDoe" on the basis of the "Cisco" group and applies the Cisco group parameters.
If the string does not contain a group delimiter, the VPN Concentrator considers the entire string to be the user name. It validates users on the basis of the user name alone, and applies the parameters of the tunnel group to the user.
Check the Enable Group Lookup check box to enable user authentication on the basis of both user name and group name. Uncheck the check box to disable group lookup.
If you configured Enable Group Lookup, click the Group Delimiter drop-down menu and choose one of the following characters to separate the user name from the group name in the authentication string: @, #, or !. The default delimiter is: @.
Posted: Fri Apr 18 18:07:17 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.