Re: VPN3000 Question

This is great,

I'll give this a go

Steve

"notaccie" <notaccie@xxxxxxxxx> wrote in message news:fh8183hqrud0elkgl9cbtf9g4jb919kbfl@xxxxxxxxxx
On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <nochance@xxxxxxx>
wrote:

Guys

I'm setting up a VPN3000 Series VPN concentrator

I have initially setup the user authentication on the unit itself, this was
done as we had less than 20 users on the unit who were test bedding the
system

I have now offered this service out to around 1000 of users users and have
come in work today with over 100 requests for this service (allowing them to
work from home)

I've noticed that under the authentication settings I can allow "Windows
NT", it looks like the settings are looking for an AD server

My question is:

If I change the settings in the authentication box to point to "Windows NT"
do I immidiatley lose the users (and passwords) in the VPN server or if I
decide that I have chosen the wrong option and I change it back will I still
have these users and not have to re-create all the users again

I'd be interested in trying this but do want to "just try" incase I
seriously upset my userbase

TIA

Steve


If you would like to try it out, create another group to test. It
actually works fine. Creating additional groups are easy. Once you
are comfortable, you can then move users into a "production" group as
is convenient.

We didn't use straight AD authentication because we wanted to
strictly authorize who could access our network with the VPN.

If you are an MS AD shop, think about using IAS/RADIUS and create an
AD group that has the users whom you wish to access the VPN. One
nice feature is that RADIUS with expiry allows the remote access user
to change an expired domain password. Very convenient.

We settled on mutual authenticaton with a MS machine or user cert
issued by our internal PKI and the RADIUS authentication. An easy to
understand, two-factor authentication.

good luck.



.

Relevant Pages

  • Re: VPN3000 Question
    ... I have initially setup the user authentication on the unit itself, ... I've noticed that under the authentication settings I can allow "Windows ... do I immidiatley lose the users in the VPN server or if I ... issued by our internal PKI and the RADIUS authentication. ...
    (comp.dcom.sys.cisco)
  • Re: VPN3000 Question
    ... I have initially setup the user authentication on the unit itself, ... I've noticed that under the authentication settings I can allow "Windows ... do I immidiatley lose the users in the VPN server or if I ... issued by our internal PKI and the RADIUS authentication. ...
    (comp.dcom.sys.cisco)
  • Re: second authentication with asas and radius
    ... we have a cisco asa 5520 set up with radius authentication, ... Assuming the user account database to access the network via VPN is ... the applications being accessed from VPN have independent ...
    (comp.dcom.sys.cisco)
  • [NEWS] Multiple Vulnerabilities with Pingtel xpressa SIP Phones
    ... remote administrative configuration of the phone's settings. ... The Pingtel xpressa SIP-based phone ships with no administrator password, ... Requiring Authentication of Incoming Calls ... Altering the Behavior of the Web Server ...
    (Securiteam)
  • Re: Alternative Access Mapping User Prompts
    ... you'd better to check the other authentication settings: ... \par - IIS Authentication Settings is Integrated Windows authentication - NTLM ... \par Microsoft Global Technical Support Center ... \par> What every SharePoint administrator needs to know about Alternate Access ...
    (microsoft.public.sharepoint.portalserver)