Creating or Modifying Other Groups
The Base Group features configured in the preceding sections automatically
apply to all users accessing the VPN Concentrator. If the security policy
requires multiple groups with unique features and/or requirements, use the
Configuration | User Management | Groups screen, shown in Figure 14-27, to
configure access and usage parameters. A group is a collection of users treated
as a single entity. Groups inherit parameters from the Base Group. The figure
includes a group that is created in the next section.
Creating and using groups beyond the Base Group requires using an
internal authentication server. The authentication server must be one of the
following:
- RADIUS—An external RADIUS server is the default.
- NT Domain—An external Windows NT Domain server.
- SDI—An external RSA Security Inc. SecurID server.
- Internal Server—The internal VPN Concentrator authentication
  server. With this server, you can configure a maximum of 100, 500, or 1000
  groups and users (combined) in the internal database depending on the model
  number.
- Kerberos/Active Directory – Windows 2000/XP and Linux/Unix
  authentication server.
If no external server was defined, a link appears on the Groups or
Users screen to create an internal server. Creating the internal server is
simply a matter of clicking the link and choosing the Internal Server
option.
Adding a Group
The Configuration | User Management | Groups | Add screen,
shown in Figure 14-28, shows the seven tabs used to define
the configuration parameters for a new group. The Identity
Parameters tab is used to configure the name, password, and authentication
server type for this group.
The six remaining tabs are used to set any options that weren't defined in
the Base Group tabs with the same names, or to override Base Group options.
As Figure 14-29 shows, the parameter screens have an Inherit? column for
inheriting feature settings from the Base Group. A check mark in the
Inherit? column indicates that the default setting is inherited.