12 User Management
12-22
VPN 3000 Concentrator Series User Guide
Maximum Connect Time
Enter the group’s maximum user connection time in minutes. At the end of this time, the system
terminates the connection. The minimum is
1, and the maximum is 2147483647 minutes (over 4000
years). To allow unlimited connection time, enter
0.
Filter
Filters consist of rules that determine whether to allow or reject tunneled data packets coming through
the VPN Concentrator, based on criteria such as source address, destination address, and protocol. Cisco
supplies three default filters, which you can modify. To configure filters and rules, see the
Configuration
| Policy Management | Traffic Management
screens.
Click the drop-down menu button and select the filter to apply to this group’s users:
--None-- = No filter applied, which means there are no restrictions on tunneled data traffic.
Private (Default) = Allow all packets except source-routed IP packets. (This is the default filter for the
private Ethernet interface.)
Public (Default) = Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow
fragmented IP packets. Drop everything else, including source-routed packets. (This is the default
filter for the public Ethernet interface.)
External (Default) = No rules applied to this filter. Drop all packets. (This is the default filter for the
external Ethernet interface.)
Additional filters that you have configured also appear on the list.
Note on DNS and
WINS entries
below:
If the base group uses DNS or WINS, and:
— this group uses the base-group setting: check the appropriate
Inherit? box (the default).
— this group uses different DNS or WINS servers: clear the appropriate
Inherit? check box and enter this
group’s server IP address(es).
— this group doesn’t use DNS or WINS: clear the appropriate
Inherit? check box and enter 0.0.0.0 in
the IP address field.
If the base group does not use DNS or WINS, and:
— this group also does not use DNS or WINS: check the appropriate
Inherit? check box (the default).
— this group uses DNS or WINS: clear the appropriate
Inherit? check box and enter this group’s server
IP address(es).
Primary DNS
Enter the IP address, in dotted decimal notation, of the primary DNS server for this group’s users. The
system sends this address to the client as the first DNS server to use for resolving hostnames. See note
above.
Secondary DNS
Enter the IP address, in dotted decimal notation, of the secondary DNS server for this group’s users. The
system sends this address to the client as the second DNS server to use for resolving hostnames. See note
above.
To Next Page
Loading...
Need help?
General