VPN3000 Question

Discussion in 'Cisco' started by Steve Ray, Jun 25, 2007.

  1. Steve Ray

    Steve Ray Guest

    Guys

    I'm setting up a VPN3000 Series VPN concentrator

    I have initially setup the user authentication on the unit itself, this was
    done as we had less than 20 users on the unit who were test bedding the
    system

    I have now offered this service out to around 1000 of users users and have
    come in work today with over 100 requests for this service (allowing them to
    work from home)

    I've noticed that under the authentication settings I can allow "Windows
    NT", it looks like the settings are looking for an AD server

    My question is:

    If I change the settings in the authentication box to point to "Windows NT"
    do I immidiatley lose the users (and passwords) in the VPN server or if I
    decide that I have chosen the wrong option and I change it back will I still
    have these users and not have to re-create all the users again

    I'd be interested in trying this but do want to "just try" incase I
    seriously upset my userbase

    TIA

    Steve
    Steve Ray, Jun 25, 2007
    #1
    1. Advertising

  2. Steve Ray

    Trendkill Guest

    On Jun 25, 8:54 am, "Steve Ray" <> wrote:
    > Guys
    >
    > I'm setting up a VPN3000 Series VPN concentrator
    >
    > I have initially setup the user authentication on the unit itself, this was
    > done as we had less than 20 users on the unit who were test bedding the
    > system
    >
    > I have now offered this service out to around 1000 of users users and have
    > come in work today with over 100 requests for this service (allowing them to
    > work from home)
    >
    > I've noticed that under the authentication settings I can allow "Windows
    > NT", it looks like the settings are looking for an AD server
    >
    > My question is:
    >
    > If I change the settings in the authentication box to point to "Windows NT"
    > do I immidiatley lose the users (and passwords) in the VPN server or if I
    > decide that I have chosen the wrong option and I change it back will I still
    > have these users and not have to re-create all the users again
    >
    > I'd be interested in trying this but do want to "just try" incase I
    > seriously upset my userbase
    >
    > TIA
    >
    > Steve


    Not sure if they will save or not, but you should be able to backup
    your user database and config prior to the change and restore
    immediately upon issues. Check out that option and let us know.
    Trendkill, Jun 25, 2007
    #2
    1. Advertising

  3. Steve Ray

    notaccie Guest

    On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <>
    wrote:

    >Guys
    >
    >I'm setting up a VPN3000 Series VPN concentrator
    >
    >I have initially setup the user authentication on the unit itself, this was
    >done as we had less than 20 users on the unit who were test bedding the
    >system
    >
    >I have now offered this service out to around 1000 of users users and have
    >come in work today with over 100 requests for this service (allowing them to
    >work from home)
    >
    >I've noticed that under the authentication settings I can allow "Windows
    >NT", it looks like the settings are looking for an AD server
    >
    >My question is:
    >
    >If I change the settings in the authentication box to point to "Windows NT"
    >do I immidiatley lose the users (and passwords) in the VPN server or if I
    >decide that I have chosen the wrong option and I change it back will I still
    >have these users and not have to re-create all the users again
    >
    >I'd be interested in trying this but do want to "just try" incase I
    >seriously upset my userbase
    >
    >TIA
    >
    >Steve



    If you would like to try it out, create another group to test. It
    actually works fine. Creating additional groups are easy. Once you
    are comfortable, you can then move users into a "production" group as
    is convenient.

    We didn't use straight AD authentication because we wanted to
    strictly authorize who could access our network with the VPN.

    If you are an MS AD shop, think about using IAS/RADIUS and create an
    AD group that has the users whom you wish to access the VPN. One
    nice feature is that RADIUS with expiry allows the remote access user
    to change an expired domain password. Very convenient.

    We settled on mutual authenticaton with a MS machine or user cert
    issued by our internal PKI and the RADIUS authentication. An easy to
    understand, two-factor authentication.

    good luck.
    notaccie, Jun 26, 2007
    #3
  4. Steve Ray

    Steve Ray Guest

    This is great,

    I'll give this a go

    Steve

    "notaccie" <> wrote in message
    news:...
    > On Mon, 25 Jun 2007 13:54:40 +0100, "Steve Ray" <>
    > wrote:
    >
    >>Guys
    >>
    >>I'm setting up a VPN3000 Series VPN concentrator
    >>
    >>I have initially setup the user authentication on the unit itself, this
    >>was
    >>done as we had less than 20 users on the unit who were test bedding the
    >>system
    >>
    >>I have now offered this service out to around 1000 of users users and have
    >>come in work today with over 100 requests for this service (allowing them
    >>to
    >>work from home)
    >>
    >>I've noticed that under the authentication settings I can allow "Windows
    >>NT", it looks like the settings are looking for an AD server
    >>
    >>My question is:
    >>
    >>If I change the settings in the authentication box to point to "Windows
    >>NT"
    >>do I immidiatley lose the users (and passwords) in the VPN server or if I
    >>decide that I have chosen the wrong option and I change it back will I
    >>still
    >>have these users and not have to re-create all the users again
    >>
    >>I'd be interested in trying this but do want to "just try" incase I
    >>seriously upset my userbase
    >>
    >>TIA
    >>
    >>Steve

    >
    >
    > If you would like to try it out, create another group to test. It
    > actually works fine. Creating additional groups are easy. Once you
    > are comfortable, you can then move users into a "production" group as
    > is convenient.
    >
    > We didn't use straight AD authentication because we wanted to
    > strictly authorize who could access our network with the VPN.
    >
    > If you are an MS AD shop, think about using IAS/RADIUS and create an
    > AD group that has the users whom you wish to access the VPN. One
    > nice feature is that RADIUS with expiry allows the remote access user
    > to change an expired domain password. Very convenient.
    >
    > We settled on mutual authenticaton with a MS machine or user cert
    > issued by our internal PKI and the RADIUS authentication. An easy to
    > understand, two-factor authentication.
    >
    > good luck.
    >
    >
    Steve Ray, Jun 26, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dietmar Romer

    VPN3000, radius: error = -9 ("ENOBUFS")

    Dietmar Romer, Aug 2, 2004, in forum: Cisco
    Replies:
    0
    Views:
    639
    Dietmar Romer
    Aug 2, 2004
  2. Matthew
    Replies:
    1
    Views:
    505
  3. Wil Schultz

    VPN3000 v4.7

    Wil Schultz, Mar 12, 2005, in forum: Cisco
    Replies:
    0
    Views:
    438
    Wil Schultz
    Mar 12, 2005
  4. Replies:
    1
    Views:
    474
    Matthew Melbourne
    Jun 11, 2005
  5. Replies:
    1
    Views:
    423
    Stefan Heinrich
    Aug 22, 2005
Loading...

Share This Page