12 User Management
12-26
VPN 3000 Concentrator Series User Guide
Tunnel Type
Click the drop-down menu button and select the type of IPSec tunnel that this group’s clients use:
LAN-to-LAN = IPSec LAN-to-LAN connections between two VPN Concentrators (or between a VPN
Concentrator and another protocol-compliant security gateway). See
Configuration | System | Tunneling
Protocols | IPSec LAN-to-LAN
. If you select this type, ignore the rest of the parameters on this tab.
Remote Access = Remote IPSec client connections to the VPN Concentrator. If you select this type,
configure
Remote Access Parameters below.
Remote Access Parameters
These group parameters apply to remote-access IPSec client connections only. If you select Remote
Access
for Tunnel Type, configure these parameters.
Group Lock
Check the box to restrict users to remote access through this group only. The IPSec client connects to
the VPN Concentrator via a group name and password, and then the system authenticates a user via a
username and password. If this box is not checked, the system authenticates a user without regard to the
user’s assigned group.
Authentication
Click the drop-down menu button and select the user authentication method (authentication server type)
to use with this group’s remote-access IPSec clients. This selection identifies the authentication method,
not the specific server. Configure authentication servers on the
Configuration | System | Servers |
Authentication
screens.
Selecting any authentication method (other than
None) enables ISAKMP Extended Authentication, also
known as XAuth.
None = No IPSec user authentication method. If you checked L2TP over IPSec under Tunneling
Protocols
, use this selection.
RADIUS = Authenticate users via external Remote Authentication Dial-In User Service.
NT Domain = Authenticate users via external Windows NT Domain system.
SDI = Authenticate users via external RSA Security Inc. SecureID system.
Internal = Authenticate users via internal VPN Concentrator authentication server.
Mode Configuration
Check the box to use Mode Configuration with this group’s IPSec clients (also known as the ISAKMP
Configuration Method or Configuration Transaction). This option exchanges configuration parameters
with the client while negotiating Security Associations. If you check this box, configure the desired
Mode Configuration Parameters below; otherwise, ignore them.
To use split tunneling, you must check this box.
If you checked
L2TP over IPSec under Tunneling Protocols, do not check this box.
To Next Page
Loading...
Need help?
General