Cisco Systems OL-5532-02

Chapter 4 Remote Access VPN Services

Adding AAA Server Devices to Your Repository

Table 4-1 Create AAA Server Fields

Field Name | Type | Instructions
Name | text box | Enter a name for the AAA server.
Owner | Select button | Specify whether the policy is global by clicking Global, or customer owned by clicking Customer. If you select Customer, you are required to specify the owner. Choose the customer with which you want to associate the AAA server. To do this, click Customer > Select. The Customer for IPsec Policy dialog box appears. Click the button next to the customer you want to select and click Select (to choose that customer), or click Cancel to exit the dialog box without saving changes. Both return you to the main page.
IP Address | text box | Enter the IP address of the AAA server.
Server Type | drop-down list | Click the drop-down list and select the type of the AAA server. The type can be RADIUS, NTDOMAIN, SDI, or TACACS+. The NTDOMAIN and SDI options are supported for the VPN 3000 only.
Server Role | drop-down list | Click the drop-down list and select the server role for this AAA server: AUTHENTICATION – Use as an authentication server only. ACCOUNTING – Use as an accounting server only. BOTH – Use as an authentication and accounting server.
Port | text box | Enter the authentication port number if the AAA server acts as an authentication server. The default authentication port is 1645 for a RADIUS server.
Accounting Server Port | text box | Enter the accounting port number if the AAA server acts as an accounting server. The default accounting port is 1646 for a RADIUS server.
Timeout | text box | Enter the timeout in seconds for how long to wait after sending a query to the server and receiving no response before trying again. The default is 4 seconds.
Retries | text box | Enter the number of times to retry sending a query to the server after the timeout period. The default is 2.
Secret | text box | Enter the AAA server secret (also called the shared secret). The field displays only asterisks.
Verify Secret | text box | Retype the AAA server secret. It must match what you entered in the Secret field exactly.

Step 4 Click Save when done. The AAA Servers page appears with the newly created AAA server displayed in the AAA server list, as shown in Figure 4-4.
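To make the rules in Table 4-1 concrete, here is an added Python validator (example code written for this page, not part of IP Solution Center or any Cisco tool) that checks one Create AAA Server definition before it is entered: a well-formed IP address, one of the four server types with NTDOMAIN and SDI limited to the VPN 3000, the port that each server role requires with the documented RADIUS defaults 1645/1646 filled in when left blank, and Verify Secret matching Secret. The `platform` attribute and the 1-65535 port range are assumptions of the example, not fields of the ISC form.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

SERVER_TYPES = {"RADIUS", "NTDOMAIN", "SDI", "TACACS+"}
VPN3000_ONLY = {"NTDOMAIN", "SDI"}                 # Table 4-1: supported for the VPN 3000 only
ROLE_PORTS = {"AUTHENTICATION": ("port",), "ACCOUNTING": ("accounting_port",),
              "BOTH": ("port", "accounting_port")}  # which port field(s) each Server Role needs
RADIUS_DEFAULTS = {"port": 1645, "accounting_port": 1646}   # RADIUS defaults named in Table 4-1


@dataclass
class AAAServer:
    name: str
    ip_address: str
    server_type: str
    server_role: str
    secret: str
    verify_secret: str
    port: Optional[int] = None               # authentication port; None = left blank on the form
    accounting_port: Optional[int] = None    # accounting port; None = left blank on the form
    timeout: int = 4                         # seconds, default from Table 4-1
    retries: int = 2                         # default from Table 4-1
    platform: str = "VPN3000"                # assumed attribute: device family the server serves


def validate(s: AAAServer) -> list:
    """Return validation errors for one form (empty = acceptable); fills blank RADIUS ports with defaults."""
    errors = []
    try:
        ip_address(s.ip_address)
    except ValueError:
        errors.append(f"IP Address {s.ip_address!r} is not a valid IP address")
    if s.server_type not in SERVER_TYPES:
        errors.append(f"Server Type must be one of {sorted(SERVER_TYPES)}")
    elif s.server_type in VPN3000_ONLY and s.platform != "VPN3000":
        errors.append(f"Server Type {s.server_type} is supported for the VPN 3000 only")
    if s.server_role not in ROLE_PORTS:
        errors.append(f"Server Role must be one of {sorted(ROLE_PORTS)}")
    for attr in ROLE_PORTS.get(s.server_role, ()):
        value = getattr(s, attr)
        if value is None and s.server_type == "RADIUS":
            setattr(s, attr, RADIUS_DEFAULTS[attr])     # blank port on a RADIUS server: use the default
        elif value is None or not 1 <= value <= 65535:
            errors.append(f"{attr} is required for role {s.server_role} and must be 1-65535")
    if not s.secret:
        errors.append("Secret is required")
    elif s.secret != s.verify_secret:
        errors.append("Verify Secret must match the Secret field exactly")
    return errors
```

Ports 1645/1646 are the legacy RADIUS ports; a RADIUS server listening on the IANA-assigned 1812/1813 needs `port` and `accounting_port` set explicitly rather than left blank.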

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

4-4

OL-5532-02
