Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   VPN3000 Question (http://www.velocityreviews.com/forums/t517462-vpn3000-question.html)

Steve Ray 06-25-2007 12:54 PM

VPN3000 Question
 
Guys

I'm setting up a VPN3000 Series VPN concentrator

I have initially setup the user authentication on the unit itself, this was
done as we had less than 20 users on the unit who were test bedding the
system

I have now offered this service out to around 1000 of users users and have
come in work today with over 100 requests for this service (allowing them to
work from home)

I've noticed that under the authentication settings I can allow "Windows
NT", it looks like the settings are looking for an AD server

My question is:

If I change the settings in the authentication box to point to "Windows NT"
do I immidiatley lose the users (and passwords) in the VPN server or if I
decide that I have chosen the wrong option and I change it back will I still
have these users and not have to re-create all the users again

I'd be interested in trying this but do want to "just try" incase I
seriously upset my userbase

TIA

Steve


Trendkill 06-25-2007 12:59 PM

Re: VPN3000 Question
 
On Jun 25, 8:54 am, "Steve Ray" <nocha...@all.com> wrote:
> Guys
>
> I'm setting up a VPN3000 Series VPN concentrator
>
> I have initially setup the user authentication on the unit itself, this was
> done as we had less than 20 users on the unit who were test bedding the
> system
>
> I have now offered this service out to around 1000 of users users and have
> come in work today with over 100 requests for this service (allowing them to
> work from home)
>
> I've noticed that under the authentication settings I can allow "Windows
> NT", it looks like the settings are looking for an AD server
>
> My question is:
>
> If I change the settings in the authentication box to point to "Windows NT"
> do I immidiatley lose the users (and passwords) in the VPN server or if I
> decide that I have chosen the wrong option and I change it back will I still
> have these users and not have to re-create all the users again
>
> I'd be interested in trying this but do want to "just try" incase I
> seriously upset my userbase
>
> TIA
>
> Steve


Not sure if they will save or not, but you should be able to backup
your user database and config prior to the change and restore
immediately upon issues. Check out that option and let us know.


notaccie 06-26-2007 05:31 AM

Re: VPN3000 Question
 
On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <nochance@all.com>
wrote:

>Guys
>
>I'm setting up a VPN3000 Series VPN concentrator
>
>I have initially setup the user authentication on the unit itself, this was
>done as we had less than 20 users on the unit who were test bedding the
>system
>
>I have now offered this service out to around 1000 of users users and have
>come in work today with over 100 requests for this service (allowing them to
>work from home)
>
>I've noticed that under the authentication settings I can allow "Windows
>NT", it looks like the settings are looking for an AD server
>
>My question is:
>
>If I change the settings in the authentication box to point to "Windows NT"
>do I immidiatley lose the users (and passwords) in the VPN server or if I
>decide that I have chosen the wrong option and I change it back will I still
>have these users and not have to re-create all the users again
>
>I'd be interested in trying this but do want to "just try" incase I
>seriously upset my userbase
>
>TIA
>
>Steve



If you would like to try it out, create another group to test. It
actually works fine. Creating additional groups are easy. Once you
are comfortable, you can then move users into a "production" group as
is convenient.

We didn't use straight AD authentication because we wanted to
strictly authorize who could access our network with the VPN.

If you are an MS AD shop, think about using IAS/RADIUS and create an
AD group that has the users whom you wish to access the VPN. One
nice feature is that RADIUS with expiry allows the remote access user
to change an expired domain password. Very convenient.

We settled on mutual authenticaton with a MS machine or user cert
issued by our internal PKI and the RADIUS authentication. An easy to
understand, two-factor authentication.

good luck.



Steve Ray 06-26-2007 08:35 AM

Re: VPN3000 Question
 
This is great,

I'll give this a go

Steve

"notaccie" <notaccie@yahoo.com> wrote in message
news:fh8183hqrud0elkgl9cbtf9g4jb919kbfl@4ax.com...
> On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <nochance@all.com>
> wrote:
>
>>Guys
>>
>>I'm setting up a VPN3000 Series VPN concentrator
>>
>>I have initially setup the user authentication on the unit itself, this
>>was
>>done as we had less than 20 users on the unit who were test bedding the
>>system
>>
>>I have now offered this service out to around 1000 of users users and have
>>come in work today with over 100 requests for this service (allowing them
>>to
>>work from home)
>>
>>I've noticed that under the authentication settings I can allow "Windows
>>NT", it looks like the settings are looking for an AD server
>>
>>My question is:
>>
>>If I change the settings in the authentication box to point to "Windows
>>NT"
>>do I immidiatley lose the users (and passwords) in the VPN server or if I
>>decide that I have chosen the wrong option and I change it back will I
>>still
>>have these users and not have to re-create all the users again
>>
>>I'd be interested in trying this but do want to "just try" incase I
>>seriously upset my userbase
>>
>>TIA
>>
>>Steve

>
>
> If you would like to try it out, create another group to test. It
> actually works fine. Creating additional groups are easy. Once you
> are comfortable, you can then move users into a "production" group as
> is convenient.
>
> We didn't use straight AD authentication because we wanted to
> strictly authorize who could access our network with the VPN.
>
> If you are an MS AD shop, think about using IAS/RADIUS and create an
> AD group that has the users whom you wish to access the VPN. One
> nice feature is that RADIUS with expiry allows the remote access user
> to change an expired domain password. Very convenient.
>
> We settled on mutual authenticaton with a MS machine or user cert
> issued by our internal PKI and the RADIUS authentication. An easy to
> understand, two-factor authentication.
>
> good luck.
>
>




All times are GMT. The time now is 03:28 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.