Cisco Systems VPN 3000 Configuration | System | Servers | Authentication

Configuration | System | Servers | Authentication | Add or Modify

5-3

VPN 3000 Concentrator Series User Guide

The Authentication Servers list shows the configured servers, in priority order. Each entry shows the server

identifier and type; e.g., 192.168.12.34(Radius). If no servers have been configured, the list shows

--Empty--. The first server of each type is the primary, the rest are backup.

To configure a new user authentication server, click Add. The Manager opens the Configuration | System |

Servers | Authentication | Add screen.

To modify a configured user authentication server, select the server from the list and click Modify. The

Manager opens the Configuration | System | Servers | Authentication | Modify screen. The internal server has

no configurable parameters, therefore there is no Modify screen. If you select the internal server and click

Modify, the Manager displays an error message.

To remove a configured user authentication server, select the server from the list and click Delete. There

is no confirmation or undo, except for the Internal Server (see the Configuration | System | Servers |

Authentication | Delete screen). The Manager refreshes the screen and shows the remaining entries in the

Authentication Servers list.

Note: If you delete a server, users authenticated by that server will no longer be able to access the VPN unless

another configured server can authenticate them.

To change the priority order for configured servers, select the entry from the list and click Move↑ or

Move ↓. The Manager refreshes the screen and shows the reordered Authentication Servers list.

To test a configured external user authentication server, select the server from the list and click Test. The

Manager opens the Configuration | System | Servers | Authentication | Test screen. There is no need to test the

internal server, and trying to do so returns an error message.

Reminder: The Manager immediately includes your changes in the active configuration. To save the active

configuration and make it the boot configuration, click th e Save Needed icon at the top of the Manager

window.

Configuration | System | Servers | Authentication | Add or Modify

These screens let you:

Add: Configure and add a new user authentication server.

Modify: Modify parameters for a configured user authenticat ion server.

Click the drop-down menu button and select the Server Type. The screen and its configurable fields

change depending on the Server Type. Choices are:

RADIUS = An external Remote Authentication Dial-In User Service server (default).

NT Domain = An external Windows NT Domain server.

SDI = An external RSA Security Inc. SecurID server.

Internal Server = The internal VPN Concentrator authentication server. With this server, you can

configure a maximum of 100 groups and users (combined) in the internal database. See Configuration

| User Management for details.