System information

VPN Concentrator Configuration 153
Figure 4-18 IPSec Configuration
The interfaces have already been configured using the Quick Configuration option. If you
chose to use internal authentication, the Quick Configuration wizard then asked you to enter
usernames and passwords and then requested a group name to use for IPSec traffic.
Recall from previous chapters that there is a hierarchy to the way groups are used on the Cisco
VPN 3000 Concentrator. The following basic rules govern group usage:
- Groups and users have attributes that can be modified to control how they can use the
  services of the concentrator.
- Users are always members of groups, and groups are always members of the Base Group.
  The Base Group is a default group that cannot be deleted but which can be modified.
- Inheritance rules state that, by default, users inherit rights from groups, and groups inherit
  rights from the Base Group.
- A user can only be a member of one concentrator group and, if not explicitly assigned to
  a different group, is a member of the Base Group by default.
- Users and groups have names and passwords.
- If you change the attributes of a group, it affects all group members.
- If you delete a group, user membership reverts to the Base Group.
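
The rules above can be traced with a small model. This is an added example, not code from the book or from the concentrator; the attribute names, user names, and the group name "ipsec-users" are constructed, and it assumes that a user's own settings survive when the user's group is deleted.

```python
# Toy model of the group rules listed above; not concentrator software.
# Attribute names and values are constructed for illustration.
BASE = "Base Group"

class Concentrator:
    def __init__(self, base_attrs):
        self.groups = {BASE: dict(base_attrs)}  # group name -> explicit settings
        self.users = {}                         # user name -> (group, own settings)

    def add_group(self, name, **settings):
        self.groups[name] = settings

    def add_user(self, name, group=BASE, **settings):
        if group not in self.groups:
            raise KeyError(f"unknown group: {group}")
        # One group per user; the Base Group when none is assigned.
        self.users[name] = (group, settings)

    def delete_group(self, name):
        if name == BASE:
            raise ValueError("the Base Group cannot be deleted")
        del self.groups[name]
        # Members revert to the Base Group (assumption: own settings are kept).
        for user, (group, settings) in list(self.users.items()):
            if group == name:
                self.users[user] = (BASE, settings)

    def effective(self, user):
        """Resolve attributes in inheritance order: Base Group, group, user."""
        group, settings = self.users[user]
        attrs = dict(self.groups[BASE])
        attrs.update(self.groups[group])
        attrs.update(settings)
        return attrs

def demo():
    c = Concentrator({"idle_timeout_min": 30, "simultaneous_logins": 3})
    c.add_group("ipsec-users", simultaneous_logins=1)
    c.add_user("alice", "ipsec-users")
    c.add_user("bob", "ipsec-users", idle_timeout_min=10)
    c.add_user("carol")                              # defaults to the Base Group
    before = {u: c.effective(u) for u in c.users}
    c.groups["ipsec-users"]["idle_timeout_min"] = 5  # group change reaches members
    changed = {u: c.effective(u) for u in c.users}
    c.delete_group("ipsec-users")                    # members fall back to Base Group
    after = {u: c.effective(u) for u in c.users}
    return before, changed, after
```

In the last step alice's login limit goes from the group's value back to the Base Group's value, so the Base Group settings decide what a user gets once a group is removed.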
chpt_04.fm Page 153 Friday, April 4, 2003 9:19 AM