This is great,
I'll give this a go
Steve
"notaccie" <> wrote in message
news:...
> On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <>
> wrote:
>
>>Guys
>>
>>I'm setting up a VPN3000 Series VPN concentrator
>>
>>I have initially set up the user authentication on the unit itself, this was
>>done as we had less than 20 users on the unit who were test bedding the system
>>
>>I have now offered this service out to around 1000 of our users and have
>>come into work today with over 100 requests for this service (allowing them to
>>work from home)
>>
>>I've noticed that under the authentication settings I can allow "Windows
>>NT", it looks like the settings are looking for an AD server
>>
>>My question is:
>>
>>If I change the settings in the authentication box to point to "Windows NT"
>>do I immediately lose the users (and passwords) in the VPN server or if I
>>decide that I have chosen the wrong option and I change it back will I still
>>have these users and not have to re-create all the users again
>>
>>I'd be interested in trying this but do want to "just try" in case I
>>seriously upset my userbase
>>
>>TIA
>>
>>Steve
>
>
> If you would like to try it out, create another group to test. It
> actually works fine. Creating additional groups is easy. Once you
> are comfortable, you can then move users into a "production" group as
> is convenient.
>
> We didn't use straight AD authentication because we wanted to
> strictly authorize who could access our network with the VPN.
>
> If you are an MS AD shop, think about using IAS/RADIUS and create an
> AD group that has the users whom you wish to access the VPN. One
> nice feature is that RADIUS with expiry allows the remote access user
> to change an expired domain password. Very convenient.
>
> We settled on mutual authentication with a MS machine or user cert
> issued by our internal PKI and the RADIUS authentication. An easy to
> understand, two-factor authentication.
>
> good luck.
>
>