Request for comment
dao1 at LLNL.GOV
Mon Jan 29 16:56:25 EST 2001
We have set up a VPN service using the Cisco VPN5008 (formerly Compatible
IntraportEnterprise8). Our network architecture consisted of a VPN5008
(i.e. VPN Server), a Steel Belted RADIUS (Radius Server) and an Oracle
database (Oracle DB).
We used the static VPN group in the VPN Server, because we wanted to have
the ability to monitor VPN users logging onto the VPN network. The static
VPN group option pre-assigned a fixed IP address for each user. Using the
static IP address option, we were able to make one and only one VPN
connection to the VPN Server for every static account that we created.
Our desire was to have multiple login sessions from the same account and at
the same time have the ability to monitor the account that VPN users used
(in real-time, not via log files). At the moment, we can solve this
problem with the VPN group option, (i.e. define a user as a group with a
number of IP addresses that we needed) but we would be interested in
hearing if others have ideas for different ways of solving this problem.
VPN is sponsored by SecurityFocus.COM
More information about the VPN