Cisco Systems VPN 3000 Switch User Manual


 
12 User Management
VPN 3000 Concentrator Series User Guide
To use IPSec with remote-access clients, you must assign an SA. With IPSec LAN-to-LAN connections,
the system ignores this selection and uses parameters from the
Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN screens.
The VPN Concentrator supplies these default selections:
--None-- = No SA assigned. Select this option if you need to configure groups with several different
SAs.
ESP-DES-MD5 = This SA uses DES 56-bit data encryption for both the IKE tunnel and IPSec traffic,
ESP/MD5/HMAC-128 authentication for IPSec traffic, and MD5/HMAC-128 authentication for the
IKE tunnel.
ESP-3DES-MD5 = This SA uses Triple-DES 168-bit data encryption and ESP/MD5/HMAC-128
authentication for IPSec traffic, and DES-56 encryption and MD5/HMAC-128 authentication for
the IKE tunnel. This is the default selection.
ESP/IKE-3DES-MD5 = This SA uses Triple-DES 168-bit data encryption for both the IKE tunnel and
IPSec traffic, ESP/MD5/HMAC-128 authentication for IPSec traffic, and MD5/HMAC-128
authentication for the IKE tunnel.
ESP-3DES-NONE = This SA uses Triple-DES 168-bit data encryption and no authentication for IPSec
traffic, and DES-56 encryption and MD5/HMAC-128 authentication for the IKE tunnel.
ESP-L2TP-TRANSPORT = This SA uses DES 56-bit data encryption and ESP/MD5/HMAC-128
authentication for IPSec traffic (with ESP applied only to the transport layer segment), and it uses
Triple-DES 168-bit data encryption and MD5/HMAC-128 for the IKE tunnel. Use this SA with the
L2TP over IPSec tunneling protocol.
Additional SAs that you have configured also appear on the list.
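The default SAs differ in what protects the IKE tunnel as well as the IPSec traffic, and the SA name alone does not show it (ESP-3DES-MD5, the default, uses DES-56 for the IKE tunnel). The following Python sketch is an added example, not part of the Cisco guide: it transcribes the list above and audits group-to-SA assignments. The group names are hypothetical, and the policy of flagging DES-56 and missing IPSec authentication is this example's assumption.

```python
# Added example: SA definitions transcribed from the default list above.
# Tuple order: (IPSec encryption, IPSec authentication, IKE encryption, IKE authentication)
DEFAULT_SAS = {
    "ESP-DES-MD5":        ("DES-56",   "MD5/HMAC-128", "DES-56",   "MD5/HMAC-128"),
    "ESP-3DES-MD5":       ("3DES-168", "MD5/HMAC-128", "DES-56",   "MD5/HMAC-128"),
    "ESP/IKE-3DES-MD5":   ("3DES-168", "MD5/HMAC-128", "3DES-168", "MD5/HMAC-128"),
    "ESP-3DES-NONE":      ("3DES-168", None,           "DES-56",   "MD5/HMAC-128"),
    "ESP-L2TP-TRANSPORT": ("DES-56",   "MD5/HMAC-128", "3DES-168", "MD5/HMAC-128"),
}

def audit_group(name, sa, tunnel_type="Remote Access"):
    """Return a list of findings for one group's IPSec SA selection."""
    if tunnel_type == "LAN-to-LAN":
        # The guide states the SA selection is ignored for LAN-to-LAN connections.
        return [f"{name}: SA selection ignored for LAN-to-LAN; review the IPSec LAN-to-LAN screens"]
    if sa == "--None--":
        return [f"{name}: no SA assigned; remote-access IPSec clients need one"]
    if sa not in DEFAULT_SAS:
        # Administrator-defined SAs also appear on the list; their contents are unknown here.
        return [f"{name}: custom SA {sa!r}; review its parameters manually"]
    ipsec_enc, ipsec_auth, ike_enc, _ike_auth = DEFAULT_SAS[sa]
    findings = []
    if ipsec_enc == "DES-56":
        findings.append(f"{name}: {sa} encrypts IPSec traffic with DES-56")
    if ike_enc == "DES-56":
        findings.append(f"{name}: {sa} encrypts the IKE tunnel with DES-56")
    if ipsec_auth is None:
        findings.append(f"{name}: {sa} applies no authentication to IPSec traffic")
    return findings

def audit(groups):
    """groups: iterable of (group name, SA name, tunnel type) tuples."""
    out = []
    for name, sa, tunnel_type in groups:
        out.extend(audit_group(name, sa, tunnel_type))
    return out

# Constructed sample assignments (group names are hypothetical).
SAMPLE_GROUPS = [
    ("base-group", "ESP-3DES-MD5", "Remote Access"),
    ("engineering", "ESP/IKE-3DES-MD5", "Remote Access"),
    ("legacy", "ESP-3DES-NONE", "Remote Access"),
    ("branch", "ESP-DES-MD5", "LAN-to-LAN"),
    ("contractors", "--None--", "Remote Access"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_GROUPS)))
```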
Tunnel Type
Click the drop-down menu button and select the type of IPSec tunnel that clients use:
LAN-to-LAN = IPSec LAN-to-LAN connections between two VPN Concentrators (or between a VPN
Concentrator and another protocol-compliant security gateway). See
Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN. If you select this type, ignore
the rest of the parameters on this tab.
Remote Access = Remote IPSec client connections to the VPN Concentrator (the default). If you
select this type, configure Remote Access Parameters below.
Remote Access Parameters
These base-group parameters apply to remote-access IPSec client connections only. If you select
Remote Access for Tunnel Type, configure these parameters.
Group Lock
Check the box to restrict users to remote access through this group only. The IPSec client connects to
the VPN Concentrator via a group name and password, and then the system authenticates a user via a
username and password. If this box is not checked (the default), the system authenticates a user without
regard to the user's assigned group.