System information
156 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
• Maximum Connect Time—0 disables maximum connect time. The range here is again
1 minute to over 4000 years.
• Filter—Filters determine whether IPSec traffic is permitted or denied for this group.
There are three default filters: Public, Private, and External. You can select from those
or from any that you can define in the drop-down box. The default None option permits
IPSec to handle all traffic.
• Primary/Secondary DNS/WINS—These have been modified from the Base Group’s
default settings.
• SEP Card Assignment—Some models of the VPN concentrator can contain up to four
Scalable Encryption Processing (SEP) modules that handle encryption functions. This
attribute allows you to steer the IPSec traffic for this group to specific SEPs to perform
your own load balancing.
• Tunneling Protocols—IPSec has been selected, but you could allow the group to use
Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and L2TP
over IPSec as well.
• Strip Realm—The default operation of the VPN concentrator verifies users against
the internal database using a combination of the username and realm qualifier, as in
username@group. The @group portion is called the realm. You can have the VPN
concentrator use name only by checking the value for this attribute.
Figure 4-21 Configuration | User Management | Groups | Modify > General
chpt_04.fm Page 156 Friday, April 4, 2003 9:19 AM