Cisco Systems VPN 3000 Switch User Manual


 
12 User Management
12-6
VPN 3000 Concentrator Series User Guide
Primary DNS
Enter the IP address, in dotted decimal notation, of the primary DNS server for base-group users. The
system sends this address to the client as the first DNS server to use for resolving hostnames. If the base
group doesn't use DNS, leave this field blank. See the Note on DNS and WINS entries under
Configuration | User Management | Groups | Add on page 12-22.
Secondary DNS
Enter the IP address, in dotted decimal notation, of the secondary DNS server for base-group users. The
system sends this address to the client as the second DNS server to use for resolving hostnames.
Primary WINS
Enter the IP address, in dotted decimal notation, of the primary WINS server for base-group users. The
system sends this address to the client as the first WINS server to use for resolving hostnames under
Windows NT. If the base group doesn't use WINS, leave this field blank. See the Note on DNS and WINS
entries under Configuration | User Management | Groups | Add on page 12-22.
Secondary WINS
Enter the IP address, in dotted decimal notation, of the secondary WINS server for base-group users. The
system sends this address to the client as the second WINS server to use for resolving hostnames under
Windows NT.
SEP Card Assignment
The VPN Concentrator can contain up to four SEP (Scalable Encryption Processing) modules that handle
encryption functions, which are compute-intensive. Two SEP modules handle up to 5000 sessions
(users), the system maximum. Two additional modules can provide automatic failover for the first two.
This parameter lets you configure the load on each SEP module.
Check the box to assign the load to a given SEP module. By default, all boxes are checked, and we
recommend you keep the default. If your system does not have a given SEP module, the parameter is
ignored.
Tunneling Protocols
Check the desired boxes to select the VPN tunneling protocols that user clients can use. Configure
parameters on the IPSec or PPTP/L2TP tabs as appropriate. Clients can use only the selected protocols.
You cannot check both IPSec and L2TP over IPSec. The IPSec parameters differ for these two protocols,
and you cannot configure the base group for both.
PPTP = Point-to-Point Tunneling Protocol (checked by default). PPTP is a client-server protocol,
and it is popular with Microsoft clients. Microsoft Dial-Up Networking (DUN) 1.2 and 1.3 under
Windows 95/98 support it, as do versions of Windows NT 4.0 and Windows 2000.
L2TP = Layer 2 Tunneling Protocol (checked by default). L2TP is a client-server protocol. It
combines many features from PPTP and L2F (Layer 2 Forwarding).
IPSec = IP Security Protocol (checked by default). IPSec provides the most complete architecture
for VPN tunnels, and it is perceived as the most secure protocol. Both LAN-to-LAN (peer-to-peer)
connections and client-to-LAN connections can use IPSec. The Cisco VPN 3000 Client is an IPSec