System information

9 Unlimited access? This would be a group-by-group decision. Does the R&D team work
around the clock or just during business hours? Do you need to set aside a regular
maintenance window for network upgrades? Do the execs need unlimited access?
10 Idle timeout and maximum connect time? You probably want to drop connections after
they have been idle for 20 to 30 minutes. There is no overpowering reason to establish
limits on connect time. If you close the connection when it is idle, you should not have to
worry about lengthy connections.
Scenario 4-2 Answers
1 General tab settings for the DonutShops group:
Access Hours—No Restrictions
Simultaneous Logins—1, uncheck Inherit?
Minimum Password Length—8
Allow Alphabetic-Only Passwords—No, uncheck Inherit?
Idle Timeout—30
Maximum Connect Time—0
Filter—None
Primary DNS—192.168.44.20, uncheck Inherit?
Secondary DNS—192.168.63.20, uncheck Inherit?
Primary WINS—192.168.44.25, uncheck Inherit?
Secondary WINS—192.168.63.25, uncheck Inherit?
SEP Card Assignment—You can leave these checked. Without SEP modules, this
attribute has no effect.
Tunneling Protocols—Check only IPSec, uncheck Inherit?
Strip Realm—Leave unchecked. You will be using an external authentication
service, so this field has no effect.
2 IPSec tab settings for the DonutShops group:
IPSec SA—ESP-3DES-MD5
IKE Peer Identity Validation—If supported by certificate
IKE Keepalives—Enabled
Reauthentication on Rekey—Enabled, uncheck Inherit?