VPN

[ Pobierz całość w formacie PDF ]

user profile.
pagoda#./AddProfile-p9900-uISP_NAS-prNAS_Group-sISP_NAS
Create a tunnel user called ISP_NAS under the group
Profile Successfully Added
NAS_Group where
pagoda#
" -p 9900 indicates that Add Profile uses this port to
connect to the database.
" -u ISP_NAS indicates the tunnel profile name.
" -pr NAS_Group indicates the group which this user
belongs to.
" -s ISP_NAS indicates the file used to create this user
profile.
66 Access VPN Solutions Using Tunneling Technology
Step 4 Configuring the CiscoSecure ACS NT Server
Use this command To do this
pagoda# cd /cs/config
Modify the file called CSU.cfg to support VPN
accounting records.
Change your working directory to config.
pagoda# vi CSU.cfg
Open a vi editor session to modify the file called CSU.cfg
DOMAIN config_local_domain =
where:
{
" DOMAIN config_local_domain= means that the
{
accounting records generated are for hgw.com.
"hgw.com",
"@",
" hgw.com defines the name of the domain.
suffix
" @ defines the delimiter.
}
};
" suffix defines that the domain name is placed after the
username.
:wq!
Exit the vi editor session and save the modifications to the
CSU.cfg file.
pagoda# /etc/rc0.d/K80CiscoSecure
Shut down the CiscoSecure UNIX server.
pagoda# /etc/rc2.d/S80CiscoSecure
Restart the CiscoSecure UNIX server.
Step 4 Configuring the CiscoSecure ACS NT Server
In this step, the enterprise customer:
" Installs CiscoSecure NT, selecting RADIUS (Cisco) as the security protocol and identifying the
access server by which authentication requests are transmitted
" Configures CiscoSecure NT to delete the domain name from incoming usernames so that the
username matches the format CiscoSecure NT uses in its username/password database
" Creates a CiscoSecure NT user profile, which includes a username, password, and a description
of the user
In CiscoSecure NT, basic accounting services are configured by default.
Note CiscoSecure NT refers to the home gateway as the network access server or just the access
server. Make sure that when CiscoSecure NT prompts you to enter information about what it calls
the access server, you enter the corresponding information about the home gateway. CiscoSecure NT
does not communicate with the NAS. Therefore, the only server CiscoSecure NT refers to is the
home gateway.
Configuring the Access VPN to Work with Remote AAA 67
Use this display To do this
Install CiscoSecure NT. Before you can successfully
install CiscoSecure NT, make sure you meet the
following criteria:
" A client can successfully dial in to the NAS. If you
have successfully configured the access VPN to work
with local AAA, you have met this criterion.
" This Windows NT server can ping the NAS. If you
have successfully configured the access VPN to work
with local AAA, you have met this criterion.
" The NAS is running Cisco IOS Release 11.1 or later
release.
" A compatible browser is installed on the Windows NT
server.
" On the Before You Begin screen, check all the
corresponding boxes when the requirements are met.
" Click Next.
In the Choose Destination Location screen:
" Select the folder where Setup will install
CiscoSecure NT.
" Click Next.
In the Authentication Database Configuration screen,
define the database where CiscoSecure NT authenticates
users. You have the option to use either the:
" Local CiscoSecure database or
" Local CiscoSecure database and the Windows NT user
database.
In this scenario, only the local CiscoSecure database is
queried for user accounts.
" Click CiscoSecure ACS database only.
" Click Next.
68 Access VPN Solutions Using Tunneling Technology
Step 4 Configuring the CiscoSecure ACS NT Server
Use this display To do this
In the CiscoSecure ACS Network Access Server Details
screen, select the security protocol.
Note Remember that CiscoSecure NT calls the home
gateway the network access server.
" Select RADIUS (Cisco) in the security protocol box.
" Type ENT_HGW in the Access Server Name box.
" Type 172.22.66.25 in the Access Server IP Address
box.
" Type 172.22.66.13 in the Windows NT Server IP
Address box.
" Click Next.
In the Advanced Options screen, define the advanced
options that will appear in the CiscoSecure NT user
interface.
Click the following advanced options:
" User level network access restrictions [ Pobierz całość w formacie PDF ]

Podstrony