Table of Contents
Advertisement
12
User Management
Maximum Connect Time
Enter the group's maximum user connection time in minutes. At the end of this time, the system
terminates the connection. The minimum is 1 , and the maximum is 2147483647 minutes (over 4000
years). To allow unlimited connection time, enter 0 .
Filter
Filters consist of rules that determine whether to allow or reject tunneled data packets coming through
the VPN Concentrator, based on criteria such as source address, destination address, and protocol. Cisco
supplies three default filters, which you can modify. To configure filters and rules, see the Configuration
| Policy Management | Traffic Management
Click the drop-down menu button and select the filter to apply to this group's users:
--None--
Private (Default)
private Ethernet interface.)
Public (Default)
fragmented IP packets. Drop everything else, including source-routed packets. (This is the default
filter for the public Ethernet interface.)
External (Default)
external Ethernet interface.)
Additional filters that you have configured also appear on the list.
Note on DNS and
If the base group uses DNS or WINS, and:
WINS entries
— this group uses the base-group setting: check the appropriate Inherit? box (the default).
below:
— this group uses different DNS or WINS servers: clear the appropriate Inherit? check box and enter this
group's server IP address(es).
— this group doesn't use DNS or WINS: clear the appropriate Inherit? check box and enter 0.0.0.0 in
the IP address field.
If the base group does not use DNS or WINS, and:
— this group also does not use DNS or WINS: check the appropriate Inherit? check box (the default).
— this group uses DNS or WINS: clear the appropriate Inherit? check box and enter this group's server
IP address(es).
Primary DNS
Enter the IP address, in dotted decimal notation, of the primary DNS server for this group's users. The
system sends this address to the client as the first DNS server to use for resolving hostnames. See note
above.
Secondary DNS
Enter the IP address, in dotted decimal notation, of the secondary DNS server for this group's users. The
system sends this address to the client as the second DNS server to use for resolving hostnames. See note
above.
12-22
= No filter applied, which means there are no restrictions on tunneled data traffic.
= Allow all packets except source-routed IP packets. (This is the default filter for the
= Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow
= No rules applied to this filter. Drop all packets. (This is the default filter for the
screens.
VPN 3000 Concentrator Series User Guide
Hide quick links:
Advertisement
Table of Contents
