FAQ  Search  Memberlist  Usergroups  Register  Profile  Private messages  Log in

VPN3000 Question

Forum Index -> comp.dcom.sys.cisco

Author	Message
Steve Ray Guest	Posted: Mon Jun 25, 2007 3:41 pm    Post subject: VPN3000 Question Guys I'm setting up a VPN3000 Series VPN concentrator I have initially setup the user authentication on the unit itself, this was done as we had less than 20 users on the unit who were test bedding the system I have now offered this service out to around 1000 of users users and have come in work today with over 100 requests for this service (allowing them to work from home) I've noticed that under the authentication settings I can allow "Windows NT", it looks like the settings are looking for an AD server My question is: If I change the settings in the authentication box to point to "Windows NT" do I immidiatley lose the users (and passwords) in the VPN server or if I decide that I have chosen the wrong option and I change it back will I still have these users and not have to re-create all the users again I'd be interested in trying this but do want to "just try" incase I seriously upset my userbase TIA Steve
Back to top
Trendkill Guest	Posted: Mon Jun 25, 2007 3:41 pm    Post subject: Re: VPN3000 Question On Jun 25, 8:54 am, "Steve Ray" <nocha...@all.com> wrote: Quote: Guys I'm setting up a VPN3000 Series VPN concentrator I have initially setup the user authentication on the unit itself, this was done as we had less than 20 users on the unit who were test bedding the system I have now offered this service out to around 1000 of users users and have come in work today with over 100 requests for this service (allowing them to work from home) I've noticed that under the authentication settings I can allow "Windows NT", it looks like the settings are looking for an AD server My question is: If I change the settings in the authentication box to point to "Windows NT" do I immidiatley lose the users (and passwords) in the VPN server or if I decide that I have chosen the wrong option and I change it back will I still have these users and not have to re-create all the users again I'd be interested in trying this but do want to "just try" incase I seriously upset my userbase TIA Steve Not sure if they will save or not, but you should be able to backup your user database and config prior to the change and restore immediately upon issues. Check out that option and let us know.
Back to top
notaccie Guest	Posted: Tue Jun 26, 2007 5:59 am    Post subject: Re: VPN3000 Question On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <nochance@all.com> wrote: Quote: Guys I'm setting up a VPN3000 Series VPN concentrator I have initially setup the user authentication on the unit itself, this was done as we had less than 20 users on the unit who were test bedding the system I have now offered this service out to around 1000 of users users and have come in work today with over 100 requests for this service (allowing them to work from home) I've noticed that under the authentication settings I can allow "Windows NT", it looks like the settings are looking for an AD server My question is: If I change the settings in the authentication box to point to "Windows NT" do I immidiatley lose the users (and passwords) in the VPN server or if I decide that I have chosen the wrong option and I change it back will I still have these users and not have to re-create all the users again I'd be interested in trying this but do want to "just try" incase I seriously upset my userbase TIA Steve If you would like to try it out, create another group to test. It actually works fine. Creating additional groups are easy. Once you are comfortable, you can then move users into a "production" group as is convenient. We didn't use straight AD authentication because we wanted to strictly authorize who could access our network with the VPN. If you are an MS AD shop, think about using IAS/RADIUS and create an AD group that has the users whom you wish to access the VPN. One nice feature is that RADIUS with expiry allows the remote access user to change an expired domain password. Very convenient. We settled on mutual authenticaton with a MS machine or user cert issued by our internal PKI and the RADIUS authentication. An easy to understand, two-factor authentication. good luck.
Back to top
Steve Ray Guest	Posted: Tue Jun 26, 2007 1:35 pm    Post subject: Re: VPN3000 Question This is great, I'll give this a go Steve "notaccie" <notaccie@yahoo.com> wrote in message news:fh8183hqrud0elkgl9cbtf9g4jb919kbfl@4ax.com... Quote: On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <nochance@all.com wrote: Guys I'm setting up a VPN3000 Series VPN concentrator I have initially setup the user authentication on the unit itself, this was done as we had less than 20 users on the unit who were test bedding the system I have now offered this service out to around 1000 of users users and have come in work today with over 100 requests for this service (allowing them to work from home) I've noticed that under the authentication settings I can allow "Windows NT", it looks like the settings are looking for an AD server My question is: If I change the settings in the authentication box to point to "Windows NT" do I immidiatley lose the users (and passwords) in the VPN server or if I decide that I have chosen the wrong option and I change it back will I still have these users and not have to re-create all the users again I'd be interested in trying this but do want to "just try" incase I seriously upset my userbase TIA Steve If you would like to try it out, create another group to test. It actually works fine. Creating additional groups are easy. Once you are comfortable, you can then move users into a "production" group as is convenient. We didn't use straight AD authentication because we wanted to strictly authorize who could access our network with the VPN. If you are an MS AD shop, think about using IAS/RADIUS and create an AD group that has the users whom you wish to access the VPN. One nice feature is that RADIUS with expiry allows the remote access user to change an expired domain password. Very convenient. We settled on mutual authenticaton with a MS machine or user cert issued by our internal PKI and the RADIUS authentication. An easy to understand, two-factor authentication. good luck.
Back to top
Steve Ray Guest	Posted: Tue Jun 26, 2007 3:00 pm    Post subject: Re: VPN3000 Question This is great, I'll give this a go Steve Quote: "notaccie" <notaccie@yahoo.com> wrote in message news:fh8183hqrud0elkgl9cbtf9g4jb919kbfl@4ax.com... On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <nochance@all.com wrote: Guys I'm setting up a VPN3000 Series VPN concentrator I have initially setup the user authentication on the unit itself, this was done as we had less than 20 users on the unit who were test bedding the system I have now offered this service out to around 1000 of users users and have come in work today with over 100 requests for this service (allowing them to work from home) I've noticed that under the authentication settings I can allow "Windows NT", it looks like the settings are looking for an AD server My question is: If I change the settings in the authentication box to point to "Windows NT" do I immidiatley lose the users (and passwords) in the VPN server or if I decide that I have chosen the wrong option and I change it back will I still have these users and not have to re-create all the users again I'd be interested in trying this but do want to "just try" incase I seriously upset my userbase TIA Steve If you would like to try it out, create another group to test. It actually works fine. Creating additional groups are easy. Once you are comfortable, you can then move users into a "production" group as is convenient. We didn't use straight AD authentication because we wanted to strictly authorize who could access our network with the VPN. If you are an MS AD shop, think about using IAS/RADIUS and create an AD group that has the users whom you wish to access the VPN. One nice feature is that RADIUS with expiry allows the remote access user to change an expired domain password. Very convenient. We settled on mutual authenticaton with a MS machine or user cert issued by our internal PKI and the RADIUS authentication. An easy to understand, two-factor authentication. good luck.
Back to top
Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First

	Forum Index -> comp.dcom.sys.cisco	All times are GMT
Page 1 of 1