VPN Concentrator Configuration 165
Figure 4-24 Configuration | User Management | Groups | Modify > Client FW

When you configure the VPN 3002 Hardware Client for the IPSec tunneling protocol, you enter
the IPSec group name and password that you configured on the VPN concentrator on the
Configuration | System | Tunneling Protocols | IPSec screen of the VPN 3002 Hardware Client.
You must also enter a single username and password on that same screen; these credentials are
used to authenticate all users connected to the VPN 3002 Hardware Client. Both the
group name and username must be valid to establish the IPSec tunnel. Once the VPN 3002
Hardware Client and the VPN concentrator have established the VPN tunnel, any users
connected to the hardware client can use the secure tunnel.

To provide additional security, you can enable interactive authentication both for establishing
the IPSec tunnel and for authenticating users. The HW Client tab, shown in Figure 4-25,
permits you to enable the following authentication features:
• Require Interactive Hardware Client Authentication: When this field is checked, the
  username and password that were configured on the VPN 3002 Hardware Client are
  ignored. The first user connected to the VPN 3002 Hardware Client who wants to begin
  using secure IPSec communications is prompted to enter a valid username and password.
  The method of authentication was selected earlier on the group’s IPSec tab. Once the
  initial user establishes the IPSec tunnel, no other users are prompted for the tunnel
  authentication username and password.
chpt_04.fm Page 165 Friday, April 4, 2003 9:19 AM