System information
154 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
Because the Base Group had not been modified before Quick Configuration set up the new
group for IPSec use, that new group has default settings that it inherited from the Base Group.
Additionally, all the users that you created were placed in this single group. That might be
adequate for your organization. The final step you need to perform to set up the concentrator
for remote access using preshared keys is to validate the entries that were placed in the IPSec
group.
NOTE The discussions in this chapter assume that you would be performing the configuration on a new
concentrator. You could be setting up remote access services on a concentrator that has been
used for other purposes, such as LAN-to-LAN VPNs. In that case, you would start at this point
in the configuration process. While this discussion looks at modifying the group that was
established through Quick Configuration, you would simply need to add a new group from the
Configuration | User Management | Groups screen.
To modify the settings for the IPSec group previously created, work down to the Configuration |
User Management | Groups screen (see Figure 4-19). In this screen, you find the vpngroup02
group listed in the Current Groups window. There are internal and external groups. External
groups are those that would be used with external authentication servers such as RADIUS or
NT Domain. The vpngroup02 group is an internal group and is to be used with internal database
users.
Figure 4-19 Configuration | User Management | Groups
chpt_04.fm Page 154 Friday, April 4, 2003 9:19 AM