Getting ready for IKE
Novell Cool Solutions: Question & Answer
Q:
I recently upgraded my NBM from 3.7 to 3.8, and my C2S works in legacy mode. Now I would like to make the shift to IKE mode.
I'm confused about the authentication methods that I need to use. If I'm supposed to use the NMAS with LDAP, I assume, I have made an authentication rule that allows NMAS with the logged authentication grade. What else do I need to configure on the C2S Service page in iManager?
A:
You need to configure both traffic rules (that determine what a VPN user
can access) and authentication rules (that determine who can log in to the
VPN and how).
To start, just to make sure you're not fighting with other problems, I'd go for a simple "Allow anyone anything" traffic rule and an "Allow NMAS
authentication" with "Logged" method for the authentication rule.
If you also want to push DNS and SLP services to your VPN client, you'll
have to configure that section as well.
The LDAP configuration is used only if you're trying to have the VPN users authenticate across different trees. Unless you're doing this, you'll not need it.
In the VPN client, you'll have to select the "NMAS" radio button (but leave "Use LDAP" unchecked).
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com