Using advanced features
206 Avaya VPNmanager Configuration Guide Release 3.7
Send VSU(s) names that are involved in CCD only. Select this option if you want the
remote client to query only those VSUs that are performing Dyna-Policy services. This is
useful if a domain contains many VSUs that are not used for authenticating remote
clients. This saves time for the remote client because they don’ t have to query every VSU
to build a complete Dyna-Policy.
Send no VSU names. Select this option if a Directory Server or RADIUS Server is used
for storing Dyna-Policies. No VSUs are use for locally storing the polices.
Customize. Select this option if you wish to specify individual VSU names to be sent.
5. When finished, click Save.
6. When you want to send the configuration to one or more VSUs, click Update Details.
SuperUser Password (VPNos 3.x)
This function allows you to disable the SuperUser password allowing only LDAP-based
communication in the future. Normally used in conjunction with role-based management.
This feature consists of two options for authenticating into a VSU to perform configuration
changes:
VSU/Advanced/SuperUser Password ON (default)
VSU/Advanced/SuperUser Password OFF
Advanced/SuperUser Password ON (default) - both SuperUser and LDAP authentication are
allowed. The VSU attempts to authenticate VPNmanager via SuperUser account first. If this
fails the VSU then attempts to authenticate via the VPNmanager user's LDAP account. A
successful connection requires that the VSU's authorization provider be set to LDAP user or
SuperUser/LDAPuser (default).
When a new configuration is downloaded to the VSU, the VSU authorization provider is res et to
SuperUser/LDAPuser, regardless of the previous setting. The next time VPNmanager attempts
to connect it may use either SuperUser account or the VPNmanager user's LDAP account.
Advanced/SuperUser Password OFF - only LDAP authentication is allowed. The VSU only
attempts to authenticate VPNmanager via the user's LDAP account. A successful connection
requires that the VSU authorization provider be set to LDAPuser or SuperUser/LDAPuser
(default). When a new configuration is downloaded to the VSU, the VSU authorization provider
is reset to LDAPuser, no matter the previous setting. The next time VPNmanager attempts to
connect it must use the VPNmanager user's LDAP account.
If VPNmanager has been incorrectly set with VSU/Advanced/SuperUser Password OFF and no
LDAP server/user account is configured or available, you must access the VSU console and
reset the authorization provider. Before re-attempting to connect, the VPNmanager must set
VSU/Advanced/SuperUser Password back to ON, or only a single connection is authenticated,
and with SuperUser password left in the OFF position, the VSU only allows LDAP
authentication on the next attempt.