3-12
VPN 3000 Series Concentrator Getting Started
78-15733-03
Chapter 3 Using the VPN Concentrator Manager for Quick Configuration
Configuring Authentication
You can choose how to authenticate users. You can select the VPN Concentrator internal server or one
of three external server types. You must select one server type. You can configure additional
authentication servers on the Configuration | System | Servers | Authentication screen using regular
system configuration.
Click the drop-down menu button and select the Server Type. The screen and its configurable fields
change depending on the Server Type. Choose one of the following:
• Internal Server—The internal VPN Concentrator authentication server. (This is the default selection.)
• RADIUS—An external Remote Authentication Dial-In User Service server.
• NT Domain—An external Windows NT Domain server.
• SDI—An external RSA Security Inc. SecurID server.
• Kerberos/Active Directory—An external Windows/Active Directory server or a UNIX/Linux Kerberos server.
Before you configure an external server here, be sure that the external server you reference is itself
properly configured and that you know how to access it (IP address or hostname, TCP/UDP port,
secret/password, and so forth). The VPN Concentrator functions as the client of these servers.
Find your selected Server Type in the following sections and follow the configuration instructions there.
Internal Server Type
The VPN Concentrator internal authentication server lets you enter a maximum of 100 groups and users
(combined) in its database, which is adequate for a small user base. For larger numbers of users, we
recommend using an external authentication server. See the Configuration | User Management screens
under regular System Configuration.
The internal server has no configurable parameters.
Click Continue to proceed.
Skip to the section Configuring the Internal Server User Database, page 3-17.
RADIUS Server Type
External RADIUS servers can return group and user authentication parameters that match those on the
VPN Concentrator; other authentication servers do not. The VPN 3000 software CD-ROM includes a
link that customers with Cisco.com logins can use to access an evaluation copy of the CiscoSecure ACS
RADIUS authentication server. The VPN 3000 software CD-ROM also has current VPN 3000 VSA
registry files that let customers load new supported attributes on their ACS server, and provides
instructions for using them.