5
Servers
Configuration | System | Servers | Authentication
This section lets you configure the VPN Concentrator internal server and external RADIUS, NT Domain,
and SDI servers for authenticating users. To create and use a VPN, you must configure at least one
authentication server type; i.e., at least one method of authenticating users.
If you check Use Address from Authentication Server on the Configuration | System | Address Management |
Assignment screen, you must configure an authentication server here.
You must also configure servers here that correspond to the settings for Authentication method on the
IPSec Parameters tab on the Configuration | User Management | Base Group and Group screens. For example,
if you specify RADIUS authentication under IPSec for the base group, you must configure at least one
RADIUS authentication server here. And in this example, the first RADIUS server is considered the
primary server, the second RADIUS server is backup, etc.; any other server types are ignored.
Before you configure an external server here, be sure that the external server you reference is itself
properly configured and that you know how to access it (IP address or hostname, TCP/UDP port, secret/
password, etc.). The VPN Concentrator functions as the client of these servers.
The Cisco software CD-ROM includes a 30-day evaluation copy of Funk Software's Steel-Belted
RADIUS authentication server and instructions for using it with the VPN Concentrator.
After you have configured an external authentication server, you can also test it. Testing sends a
username and password to the server to determine that the VPN Concentrator is communicating properly
with it, and that the server properly authenticates valid users and rejects invalid users.
If you configure the internal authentication server, you can add users to the internal database by clicking
the highlighted link, which takes you to the Configuration | User Management | Users screen. To configure
the internal server, you just add at least one user or group to the internal database.
If you configure IPSec on the Quick Configuration | Protocols screen, the VPN Concentrator automatically
configures the internal authentication server. The internal server is also the default selection on the Quick
Configuration | Authentication screen.
You can configure and prioritize up to 10 authentication servers here. The first server of a given type is
the primary server for that type, and the rest are backup servers in case the primary is inoperative.
Figure 5-2: Configuration | System | Servers | Authentication screen
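
What a test of an external RADIUS server involves on the wire, as an added example that is not from the Cisco guide: it builds a PAP Access-Request per RFC 2865 and accepts a reply only if its Response Authenticator verifies against the shared secret. That the Concentrator's test uses PAP is an assumption; the function names and the sample user name, password and secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types
# Constructed sample values (not from the guide).
SECRET, USER, PASSWORD = b"example-shared-secret", b"testuser", b"testpass"


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the zero-padded password with an MD5 keystream."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden


def build_access_request(ident, user, password, secret, req_auth=None):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    req_auth = req_auth or os.urandom(16)
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([USER_NAME, 2 + len(user)]) + user
    attrs += bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth


def response_authenticator(reply: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()


def check_reply(reply: bytes, ident: int, req_auth: bytes, secret: bytes):
    """Return the reply code only if the reply is authentic, else None."""
    if len(reply) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        return None
    expected = response_authenticator(reply, req_auth, secret)
    return code if hmac.compare_digest(expected, reply[4:20]) else None
```

If the secret configured on the client differs from the one on the RADIUS server, `check_reply` returns `None` even though packets are being exchanged, so a failed test does not by itself mean the server is unreachable.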
VPN 3000 Concentrator Series User Guide