Sep Card Assignment; Maximum Connect Time; Filter; Tunneling Protocols - Cisco VPN 3000 User Manual


12
User Management

Maximum Connect Time

Enter this user's maximum connection time in minutes. At the end of this time, the system terminates
the connection. The minimum is 1, and the maximum is 2147483647 minutes (over 4000 years). To
allow unlimited connection time, enter 0.

Filter

Filters consist of rules that determine whether to allow or reject tunneled data packets coming through
the VPN Concentrator, based on criteria such as source address, destination address, and protocol. Cisco
supplies three default filters, which you can modify. To configure filters and rules, see the Configuration
| Policy Management | Traffic Management screens.
Click the drop-down menu button and select the filter to apply to this user:
--None-- = No filter applied, which means there are no restrictions on tunneled data traffic.
Private (Default) = Allow all packets except source-routed IP packets. (This is the default filter for the
private Ethernet interface.)
Public (Default) = Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow
fragmented IP packets. Drop everything else, including source-routed packets. (This is the default
filter for the public Ethernet interface.)
External (Default) = No rules applied to this filter. Drop all packets. (This is the default filter for the
external Ethernet interface.)
Additional filters that you have configured also appear on the list.

SEP Card Assignment

The VPN Concentrator can contain up to four SEP (Scalable Encryption Processing) modules that handle
encryption functions, which are compute-intensive. Two SEP modules handle up to 5000 sessions
(users)—the system maximum. Two additional modules can provide automatic failover for the first two.
This parameter lets you configure the load on each SEP module.
Check the box to assign this user to a given SEP module. If your system does not have a given SEP
module, the parameter is ignored.

Tunneling Protocols

Check the desired boxes to select the VPN tunneling protocols that this user can use. Configure
parameters on the IPSec or PPTP/L2TP tabs as appropriate. Users can use only the selected protocols.
You cannot check both IPSec and L2TP over IPsec. The IPSec parameters differ for these two protocols,
and you cannot configure a single user for both.
PPTP = Point-to-Point Tunneling Protocol. PPTP is a client-server protocol, and it is popular with
Microsoft clients. Microsoft Dial-Up Networking (DUN) 1.2 and 1.3 under Windows 95/98 support
it, as do versions of Windows NT 4.0 and Windows 2000.
L2TP = Layer 2 Tunneling Protocol. L2TP is a client-server protocol. It combines many features
from PPTP and L2F (Layer 2 Forwarding).
IPSec = IP Security Protocol. IPSec provides the most complete architecture for VPN tunnels, and it
is perceived as the most secure protocol. Both LAN-to-LAN (peer-to-peer) connections and
client-to-LAN connections can use IPSec. The Cisco VPN 3000 Client is an IPSec client
12-38
VPN 3000 Concentrator Series User Guide
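
The default filters listed under Filter above, modelled over raw IPv4 headers to show what each description means per packet. This is an added example, not Cisco code or the concentrator's actual rule set. The protocol and port lists, the rule that the source-route check is applied before the Public allow rules, and the helper names make_pkt, parse_ipv4 and decide are assumptions.

```python
import struct

SOURCE_ROUTE_OPTS = {131, 137}      # LSRR and SSRR option types (RFC 791)
# Assumption: numbers/ports standing in for "tunneling protocols plus ICMP and VRRP".
PUBLIC_PROTOS = {1, 47, 50, 112}    # ICMP, GRE (PPTP data), ESP, VRRP
PUBLIC_PORTS = {(6, 1723), (17, 1701), (17, 500)}  # PPTP, L2TP, IKE

def make_pkt(proto, dport=0, options=b"", frag_off=0):
    """Build a constructed IPv4 header (+4 bytes of ports) as sample input."""
    options += b"\x00" * (-len(options) % 4)        # pad options to 32 bits
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(options)) // 4, 0, 0, 0,
                      frag_off, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + struct.pack("!HH", 40000, dport)

def parse_ipv4(pkt):
    """Return (proto, is_fragment, source_routed, ports) from raw bytes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if not 20 <= ihl <= len(pkt):
        raise ValueError("bad header length")
    frag = struct.unpack("!H", pkt[6:8])[0]         # flags + fragment offset
    source_routed, i = False, 20
    while i < ihl and pkt[i] != 0:                  # 0 = End of Option List
        if pkt[i] == 1:                             # 1 = No-Operation
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2:
            raise ValueError("malformed IP option")
        source_routed |= pkt[i] in SOURCE_ROUTE_OPTS
        i += pkt[i + 1]
    ports = ()
    if pkt[9] in (6, 17) and (frag & 0x1FFF) == 0 and len(pkt) >= ihl + 4:
        ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
    # MF flag set or non-zero offset means the packet is a fragment
    return pkt[9], bool(frag & 0x3FFF), source_routed, ports

def decide(filter_name, pkt):
    """Apply one of the default filters as the manual describes it."""
    proto, fragment, source_routed, ports = parse_ipv4(pkt)
    if filter_name == "--None--":
        return "allow"                              # no restrictions at all
    if filter_name == "External (Default)":
        return "drop"                               # no rules: drop everything
    if filter_name == "Private (Default)":
        return "drop" if source_routed else "allow"
    if filter_name == "Public (Default)":
        known = proto in PUBLIC_PROTOS or any((proto, p) in PUBLIC_PORTS for p in ports)
        return "allow" if not source_routed and (known or fragment) else "drop"
    raise ValueError(f"unknown filter: {filter_name}")
```

In this model a fragment passes the Public filter whatever its protocol, which follows from the "Allow fragmented IP packets" wording and is worth checking against the rules actually configured on the device.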
