Chapter 4 Infrastructure and integration 37
• Username with password
• RSA SecurID
• CRYPTOCard
Authentication groups
The Cisco Unity protocol uses authentication groups to group users based on a common set of parameters. You should create an authentication group for iOS users. For pre-shared key and hybrid authentication, the group name must be configured on the device with the group’s shared secret (pre-shared key) as the group password.
When using certificate authentication, there’s no shared secret. A user’s group is determined from fields in the certificate. The Cisco server settings can be used to map fields in a certificate to user groups.
RSA-Sig must be the highest priority on the ISAKMP priority list.
Certificates
When you set up and install certificates:
• The server identity certificate must contain the server’s DNS name or IP address in the SubjectAltName field. The device uses this information to verify that the certificate belongs to the server. For more flexibility, you can specify the SubjectAltName using wildcard characters for per-segment matching, such as vpn.*.mycompany.com. If no SubjectAltName is specified, you can put the DNS name in the common name field.
• The certificate of the CA that signed the server’s certificate needs to be installed on the device. If it isn’t a root certificate, install the rest of the trust chain so that the certificate is trusted.
• If you use client certificates, make sure the trusted CA certificate that signed the client’s certificate is installed on the VPN server. When using certificate-based authentication, make sure the server is set up to identify the user’s group, based on fields in the client certificate.
Important: The certificates and certificate authorities must be valid (for example, not expired). Sending of certificate chain by the server isn’t supported.
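The server identity rule above, as an added Python example for checking a certificate before deployment (not code from Apple or Cisco). It assumes that a wildcard stands for exactly one whole DNS label, that the common name is consulted only when the certificate carries no SubjectAltName at all, and that the common name is compared as a plain DNS name; the function and parameter names are hypothetical.

```python
import ipaddress

def _label_match(pattern, host):
    """Per-segment match: '*' stands for exactly one whole DNS label (assumed)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans several segments
    return all(h != "" and (p == "*" or p == h)
               for p, h in zip(p_labels, h_labels))

def server_identity_ok(server, san_dns, san_ip, common_name=None):
    """server is the VPN address configured on the device (DNS name or IP).

    san_dns / san_ip are the SubjectAltName entries of the server certificate,
    common_name is the CN of its subject.
    """
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a DNS name
    if san_dns or san_ip:
        # SubjectAltName present: the common name is not consulted (assumed).
        if addr is not None:
            return any(addr == ipaddress.ip_address(ip) for ip in san_ip)
        return any(_label_match(p, server) for p in san_dns)
    # No SubjectAltName: fall back to the DNS name in the common name field.
    return (addr is None and common_name is not None
            and common_name.lower().rstrip(".") == server.lower().rstrip("."))

# Constructed sample values, not taken from a real certificate.
SAN_DNS = ["vpn.*.mycompany.com"]

if __name__ == "__main__":
    for host in ("vpn.emea.mycompany.com", "vpn.a.b.mycompany.com",
                 "vpn.mycompany.com"):
        print(host, server_identity_ok(host, SAN_DNS, []))
```
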
IPSec settings and descriptions
IPSec has various settings that you can use to define how it will be implemented:
• Mode: Tunnel mode.
• IKE Exchange Modes: Aggressive Mode for pre-shared key and hybrid authentication, or Main Mode for certificate authentication.
• Encryption Algorithms: 3DES, AES-128, or AES-256.
• Authentication Algorithms: HMAC-MD5 or HMAC-SHA1.
• Diffie-Hellman Groups: Group 2 is required for pre-shared key and hybrid authentication. Group 2 with 3DES and AES-128 for certificate authentication. Group 2 or 5 with AES-256.
• PFS (Perfect Forward Secrecy): For IKE phase 2, if PFS is used, the Diffie-Hellman group must be the same as was used for IKE phase 1.
• Mode Configuration: Must be enabled.
• Dead Peer Detection: Recommended.
• Standard NAT Traversal: Supported and can be enabled (IPSec over TCP isn’t supported).
• Load Balancing: Supported and can be enabled.
• Rekeying of Phase 1: Not currently supported. It’s recommended that rekeying times on the server be set to one hour.
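The settings above depend on one another (authentication method, IKE mode, cipher, Diffie-Hellman group, PFS group), so a planned server policy is worth checking as a whole. The following Python check is an added example, not Apple or Cisco code; the Proposal fields are hypothetical names, and it assumes the reading that group 5 is available only for certificate authentication with AES-256.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Proposal:            # hypothetical model of one server-side VPN policy
    auth: str              # "psk", "hybrid" or "cert"
    ike_mode: str          # "aggressive" or "main"
    encryption: str        # "3des", "aes-128" or "aes-256"
    integrity: str         # "hmac-md5" or "hmac-sha1"
    dh_group: int          # Diffie-Hellman group used in IKE phase 1
    pfs_group: Optional[int] = None   # phase 2 group, None when PFS is off
    mode_config: bool = True
    ipsec_over_tcp: bool = False

def check(p: Proposal) -> List[str]:
    """Return the settings in p that conflict with the list above."""
    problems = []
    if p.auth not in ("psk", "hybrid", "cert"):
        return [f"auth: unknown authentication method {p.auth!r}"]
    want_mode = "main" if p.auth == "cert" else "aggressive"
    if p.ike_mode != want_mode:
        problems.append(f"ike_mode: {p.auth} needs {want_mode} mode")
    if p.encryption not in ("3des", "aes-128", "aes-256"):
        problems.append(f"encryption: {p.encryption} is not listed")
    if p.integrity not in ("hmac-md5", "hmac-sha1"):
        problems.append(f"integrity: {p.integrity} is not listed")
    # Assumed reading: group 5 is only an option for certificates with AES-256.
    allowed = {2, 5} if (p.auth == "cert" and p.encryption == "aes-256") else {2}
    if p.dh_group not in allowed:
        problems.append(f"dh_group: {p.dh_group} not in {sorted(allowed)}")
    if p.pfs_group is not None and p.pfs_group != p.dh_group:
        problems.append("pfs_group: must equal the phase 1 group")
    if not p.mode_config:
        problems.append("mode_config: must be enabled")
    if p.ipsec_over_tcp:
        problems.append("ipsec_over_tcp: not supported, use standard NAT traversal")
    return problems

# Constructed sample policies, not taken from a real server.
GOOD = Proposal("cert", "main", "aes-256", "hmac-sha1", 5, pfs_group=5)
BAD = Proposal("cert", "aggressive", "aes-128", "hmac-sha1", 5, pfs_group=2)

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check(policy) or "ok")
```

Of the combinations the list permits, certificate authentication in Main Mode with AES-256, HMAC-SHA1 and group 5 uses the largest key sizes and the stronger hash.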