System information
VPN Concentrator Configuration 173
Configuration | User Management
Configuration | User Management is the section that you used in the “Configuring IPSec with
Preshared Keys Through the VPN 3000 Concentrator Series Manager” section of this chapter
to configure the group for remote access with preshared keys. In addition to working with
specific groups, this section is used to configure the Base Group and to manage user accounts
for the internal authentication database.
With the default settings, new groups inherit the attributes of the Base Group. Those attributes
can be individually overridden for each group so that you can have a variety of groups with
different properties. You could have a group using L2TP, one using IPSec with preshared keys,
another using IPSec with digital certificates, another using RADIUS for user authentication,
and still another using the concentrator’s internal database for user authentication.
If you are using the concentrator for internal authentication and have defined your groups, this
section of the VPN Manager also allows you to create and manage user accounts. User accounts
inherit the attributes of their group, and user accounts can only belong to one group. If you do
not explicitly assign a user account to a group, it inherits the attributes of the Base Group.
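The inheritance described above, modelled as a short Python sketch. This is an added example, not code from the book or from Cisco. The attribute names `tunnel_protocol` and `user_auth` and the group and user names are constructed for illustration. `base_group_fallbacks` lists the accounts that take every setting from the Base Group because they were never assigned to a group.

```python
# Added illustration of Base Group -> group -> user inheritance.
# Attribute, group and user names are constructed, not the concentrator's own.
BASE_GROUP = "Base Group"


class InheritanceModel:
    def __init__(self, base_attrs):
        self.base = dict(base_attrs)   # Base Group attributes (the defaults)
        self.groups = {}               # group name -> overridden attributes
        self.users = {}                # user name -> its one group, or None

    def add_group(self, name, **overrides):
        unknown = set(overrides) - set(self.base)
        if unknown:
            raise ValueError(f"not a Base Group attribute: {sorted(unknown)}")
        self.groups[name] = overrides

    def add_user(self, name, group=None):
        # A user belongs to at most one group; None means no explicit group.
        if group is not None and group not in self.groups:
            raise KeyError(f"undefined group: {group}")
        self.users[name] = group

    def effective(self, user):
        """Return {attribute: (value, where it came from)} for one user."""
        group = self.users[user]
        overrides = self.groups[group] if group is not None else {}
        return {
            attr: (overrides[attr], group) if attr in overrides else (value, BASE_GROUP)
            for attr, value in self.base.items()
        }

    def base_group_fallbacks(self):
        """Users with no group: everything they get is a Base Group default."""
        return sorted(u for u, g in self.users.items() if g is None)


def build_sample():
    m = InheritanceModel({"tunnel_protocol": "IPSec preshared keys",
                          "user_auth": "internal"})
    m.add_group("contractors", tunnel_protocol="L2TP")
    m.add_group("staff", user_auth="RADIUS")
    m.add_user("alice", "staff")
    m.add_user("bob", "contractors")
    m.add_user("carol")                # never assigned to a group
    return m


if __name__ == "__main__":
    model = build_sample()
    for name in sorted(model.users):
        print(name, model.effective(name))
    print("Base Group only:", model.base_group_fallbacks())
```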
Configuration | Policy Management
Policies control the actions of users as they connect to the VPN concentrator. User management
determines which users are allowed to use the device. Policy management determines when
users can connect, from where they can connect, and what kind of data are permitted in the
tunnels. This section of the VPN Manager establishes filters that determine whether to forward
or drop packets and whether to pass the traffic through a tunnel or to send it in the clear. Filters
are applied to interfaces, groups, and users.
The Policy Management section contains the following sections:
• Access Hours—Establishes when remote users can access the VPN concentrator.
• Traffic Management—Controls what data traffic can flow through the VPN concentrator.
Traffic Management is further divided into the following configuration sections:
— Network Lists—Allows you to group lists of networks together as single
objects.
— Rules—Provides detailed parameters that let you specify the handling of data
packets.
— SAs—Lets you choose the options to be used in establishing IPSec Security
Associations. This is where you set the authentication, encryption, encapsulation,
and SA lifetime. You can modify predefined SAs or create your own.
— Filters—Lets you combine the network lists, rules, and SAs into single
packages that you can then apply to interfaces, groups, and users.
— NAT—The Cisco VPN 3000 Concentrators can perform Network Address
Translation, which you would configure in this section.