Simultaneous Logins; Minimum Password Length; Allow Alphabetic-Only Passwords; Idle Timeout - Cisco VPN 3000 User Manual

Simultaneous Logins

Enter the number of simultaneous logins permitted for a single user. The minimum is 0 , which disables
login and prevents user access; default is 3 . While there is no maximum limit, allowing several could
compromise security and affect performance.

Minimum Password Length

Enter the minimum number of characters for user passwords. The minimum is 1 , the default is 8 , and
the maximum is 32 . To protect security, we strongly recommend 8 or higher.

Allow Alphabetic-Only Passwords

Check the box to allow user passwords with alphabetic characters only (the default). This option applies
only to users who are configured in and authenticated by the VPN Concentrator internal authentication
server. To protect security, we strongly recommend that you not allow such passwords; i.e., that you
require passwords to be a mix of alphabetic characters, numbers, and symbols, such as 648e&9G# .

Idle Timeout

Enter the idle timeout period in minutes. If there is no communication activity on a user connection in
this period, the system terminates the connection. The minimum is 1 , the default is 30 minutes, and the
maximum is 2147483647 minutes (over 4000 years). To disable timeout and allow an unlimited idle
period, enter 0 .

Maximum Connect Time

Enter the maximum user connection time in minutes. At the end of this time, the system terminates the
connection. The minimum is 1 minute, and the maximum is 2147483647 minutes (over 4000 years). To
allow unlimited connection time, enter 0 (the default).

Filter

Filters consist of rules that determine whether to allow or reject tunneled data packets coming through
the VPN Concentrator, based on criteria such as source address, destination address, and protocol. Cisco
supplies three default filters, which you can modify. To configure filters and rules, see the Configuration
| Policy Management | Traffic Management
Click the drop-down menu button and select the base-group filter:
Additional filters that you have configured also appear on the list.
VPN 3000 Concentrator Series User Guide
--None-- = No filter applied, which means there are no restrictions on tunneled data traffic. This is
the default selection.
Private (Default) = Allow all packets except source-routed IP packets. (This is the default filter for the
private Ethernet interface.)
Public (Default) = Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow
fragmented IP packets. Drop everything else, including source-routed packets. (This is the default
filter for the public Ethernet interface.)
External (Default) = No rules applied to this filter. Drop all packets. (This is the default filter for the
external Ethernet interface.)
Configuration | User Management | Base Group
screens.
12-5