System information

208 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys

Scenario 4-2

Your company sells donuts and has 60 shops located in a three-state area. These shops are each

connected to the Internet using DSL circuits. You want to establish IPSec VPN connections

from each shop through the Internet to the corporate network for sending/receiving e-mail,

reporting sales, and ordering supplies.

You will be using a Cisco VPN 3030 Concentrator with no SEP modules. Device authentication

is accomplished using preshared keys. User authentication is done through the NT Domain. The

IP addresses of the DNS servers are 192.168.44.20 and 192.168.63.20. The IP addresses of the

WINS servers are 192.168.44.25 and 12.168.63.25. No changes have been made to the default

Base Group.

Create a group for the shops called DonutShops.

1 Indicate the settings that you would make on the group’s General tab for each of the

following attributes, and specify whether you would uncheck the Inherit? box.

• Access Hours

• Simultaneous Logins

• Minimum Password Length

• Allow Alphabetic-Only Passwords

• Idle Timeout

• Maximum Connect Time

• Filter

• Primary DNS

• Secondary DNS

• Primary WINS

• Secondary WINS

• SEP Card Assignment

• Tunneling Protocols

• Strip Realm

2 Indicate the settings that you would make on the group’s IPSec tab for each of the

following attributes, and specify whether you would uncheck the Inherit? box.

• IPSec SA

• IKE Peer Identity Validation

• IKE Keepalives

chpt_04.fm Page 208 Friday, April 4, 2003 9:19 AM