Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
51525354555657585960
3-16
VPN 3000 Series Concentrator Getting Started
78-15733-03
Chapter 3 Using the VPN Concentrator Manager for Quick Configuration
Configuring Authentication
Kerberos/Active Directory Server Type
Configure these parameters for an external Windows/Active Directory server or a UNIX/Lynx Kerberos
server.
Figure 3-12 Configuration | Quick | Authentication Screen, Kerberos/Active Directory Server
To configure the parameters for the Kerberos/Active Directory server, follow these steps:
Step 1 In the Authentication Server field, enter the hostname or IP address of the external Kerberos/Active
Directory authentication server.
Step 2 In the Server Port field, enter the TCP port number by which you access the server. Enter 0 (the default)
to have the system supply the default port number, 88.
Step 3 In the Timeout field, enter the time in seconds to wait, after sending a query to the server and receiving
no response, before trying again. The minimum time is 1 second. The default time is 4 seconds. The
maximum time is 30 seconds.
Step 4 In the Retries field, enter the number of times to retry sending a query to the server after the timeout
period. If there is still no response after this number of retries, the VPN Concentrator declares this server
inoperative and uses the next Kerberos/Active Directory authentication server in the list. The minimum
number of retries is 0. The default number of retries is 2. The maximum number of retries is 10.
Step 5 In the Realm field, enter the realm name for this server, for example: USDOMAIN.ACME.COM. You
must enter this name, and it must be the correct realm name for the server for which you entered the IP
address in Authentication Server. If it is incorrect, authentication will fail.
The following types of servers require that you enter the realm name in all uppercase letters: Windows
2000, Windows XP, and Windows .NET. For these types of servers, if the letters are not uppercase,
authentication will fail.
If you selected the IPSec tunneling protocol, skip to the section Configuring the IPSec Group, page 3-18.
Otherwise, skip to the section Changing Admin Password, page 3-21.