System information
158 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
• IKE Keepalives—Monitors the continued presence of a remote peer and notifies the
remote peer that the concentrator is still active. If a peer no longer responds to the
keepalives, the concentrator drops the connection, preventing hung connections that could
clutter the concentrator.
• Tunnel Type—You can select either LAN-to-LAN or Remote Access as the tunnel type.
If you select LAN-to-LAN, you do not need to complete the remainder of this screen.
• Group Lock—Checking this field forces the user to be a member of this group when
authenticating to the concentrator.
• Authentication—This field selects the method of user authentication to use. The
available options are as follows:
— None—No user authentication occurs. Use this with L2TP over IPSec.
— RADIUS—Uses an external RADIUS server for authentication. The server
address is configured elsewhere.
— RADIUS with Expiry—Uses an external RADIUS server for authentication. If
the user’s password has expired, this method gives the user the opportunity to
create a new password.
— NT Domain—Uses an external Windows NT Domain system for user
authentication.
— SDI—Uses an external RSA Security, Inc., SecurID system for user
authentication.
— Internal—Uses the internal VPN concentrator authentication server for user
authentication.
• IPComp—This option permits the use of the Lempel-Ziv-Stac (LZS) compression
algorithm for IP traffic, developed by Stac Electronics. This can speed connections for
users connecting through low-speed dial-up circuits.
• Reauthentication on Rekey—During IKE phase 1, the VPN concentrator prompts the
user to enter an ID and password. When you enable reauthentication, the concentrator
prompts for user authentication whenever a rekey occurs, such as when the IKE SA
lifetime expires. If the SA lifetime is set too short, this could be an annoyance to your
users, but it provides an additional layer of security.
• Mode Configuration—During SA negotiations, this option permits the exchange of
configuration parameters with the client. To pass configuration information to the client,
such as DNS or WINS addresses, you must enable this option. If you check this box, you
need to continue to the Mode Config tab to complete the selection of attributes there.
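The options above interact: LAN-to-LAN makes the rest of the tab irrelevant, Authentication set to None is meant only for L2TP over IPSec, and pushing DNS or WINS addresses requires Mode Configuration. The following added example (not from the book or from Cisco) encodes those rules as an audit of a group record; the field names, the `pushes_dns_or_wins` flag and the one-hour lifetime threshold are assumptions modelled on the labels in the text.

```python
from dataclasses import dataclass

# Hypothetical model of the IPSec tab of one VPN 3000 group (assumed field names).
@dataclass
class GroupIpsecTab:
    name: str
    tunnel_type: str                    # "Remote Access" or "LAN-to-LAN"
    ike_keepalives: bool = True
    authentication: str = "Internal"    # None, RADIUS, RADIUS with Expiry, NT Domain, SDI, Internal
    reauth_on_rekey: bool = False
    mode_config: bool = False
    pushes_dns_or_wins: bool = False    # assumed: DNS/WINS addresses set on the Mode Config tab
    ike_sa_lifetime_sec: int = 86400
    uses_l2tp_over_ipsec: bool = False

SHORT_LIFETIME_SEC = 3600   # assumed threshold for "too short" a lifetime


def audit_group(g: GroupIpsecTab) -> list[str]:
    """Return a list of findings; an empty list means the tab is consistent."""
    findings = []
    if g.tunnel_type == "LAN-to-LAN":
        return findings   # remaining fields do not apply to LAN-to-LAN groups
    if not g.ike_keepalives:
        findings.append("IKE keepalives disabled: dead peers can leave hung connections")
    if g.authentication == "None" and not g.uses_l2tp_over_ipsec:
        findings.append("authentication None outside L2TP over IPSec: users are not authenticated")
    if g.pushes_dns_or_wins and not g.mode_config:
        findings.append("DNS/WINS addresses configured but Mode Configuration is disabled")
    if g.reauth_on_rekey and g.ike_sa_lifetime_sec < SHORT_LIFETIME_SEC:
        findings.append("reauthentication on rekey with a short SA lifetime: frequent prompts")
    return findings


if __name__ == "__main__":
    # Constructed sample group with several of the interactions above.
    sample = GroupIpsecTab("sales", "Remote Access", ike_keepalives=False,
                           authentication="None", pushes_dns_or_wins=True)
    for finding in audit_group(sample):
        print(f"{sample.name}: {finding}")
```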