Nortel 1010 用户指南
Chapter 4 Configuring user tunnels 79
Nortel VPN Router Configuration — Basic Features
•
Maximum password age is the time after which the login password
expires. The Maximum Password Age range is from 0 (no password
expiration) to 180 days (6 months). Default is 30 days. Users receive a
warning that the password will expire each time they log in for two days
prior to the expiration date. They also receive three warnings before
access is denied. (If your clients are using a Microsoft Dial-up
Networking connection instead of the Nortel Connection Manager, then
they are not be notified of a password expiration or be given the
opportunity to change the password prior to expiration. You should not
use this feature unless you also plan to distribute the Connection Manager.
expires. The Maximum Password Age range is from 0 (no password
expiration) to 180 days (6 months). Default is 30 days. Users receive a
warning that the password will expire each time they log in for two days
prior to the expiration date. They also receive three warnings before
access is denied. (If your clients are using a Microsoft Dial-up
Networking connection instead of the Nortel Connection Manager, then
they are not be notified of a password expiration or be given the
opportunity to change the password prior to expiration. You should not
use this feature unless you also plan to distribute the Connection Manager.
•
Minimum password length can be from 3 to 16 alphanumeric characters.
If you set the minimum length to eight characters, then the remote user
must use at least eight characters as the login password. Default is 16
characters.
If you set the minimum length to eight characters, then the remote user
must use at least eight characters as the login password. Default is 16
characters.
•
Alpha-numeric passwords forces remote users to log in with a
combination of alphabetic (A to Z) and numeric (1 to 9) characters. Nortel
does not recommend using all alphabetic characters because this makes it
easier for hackers to decode. The default is Disabled.
combination of alphabetic (A to Z) and numeric (1 to 9) characters. Nortel
does not recommend using all alphabetic characters because this makes it
easier for hackers to decode. The default is Disabled.
9
Enter the amount of Idle Timeout time a connection can be idle (no data has
been transmitted or received through the connection for the specified amount
of time). When the idle timeout expires, the session is terminated. This option
helps prevent allocation of resources on the Nortel VPN Router for sessions
that are no longer active. The default Idle Timeout is 00:15:00 minutes; the
range is 00:00:00 to 23:59:59. The maximum number of days is 29. A setting
of 00:00:00 specifies no Idle Timeout. All sessions check their configuration
at startup time. Therefore, if you change the time of the idle timeout during a
session, the change only affects new sessions and not any existing ones.
been transmitted or received through the connection for the specified amount
of time). When the idle timeout expires, the session is terminated. This option
helps prevent allocation of resources on the Nortel VPN Router for sessions
that are no longer active. The default Idle Timeout is 00:15:00 minutes; the
range is 00:00:00 to 23:59:59. The maximum number of days is 29. A setting
of 00:00:00 specifies no Idle Timeout. All sessions check their configuration
at startup time. Therefore, if you change the time of the idle timeout during a
session, the change only affects new sessions and not any existing ones.
10 Set the Maximum number of failed login attempts to lock out an account.
11 For Access Network Name, specify a source IP address that restricts user
access. Users may tunnel into the Nortel VPN Router only if they are
tunneling from a source IP network defined by the access network. If they
tunnel from a network outside the defined access network, the tunnel is
refused. Access Network Names must be previously defined on the Profiles >
Networks window to appear in the list. Use the link to create an access
network if one does not exist.
tunneling from a source IP network defined by the access network. If they
tunnel from a network outside the defined access network, the tunnel is
refused. Access Network Names must be previously defined on the Profiles >
Networks window to appear in the list. Use the link to create an access
network if one does not exist.
12 Packet filters control the type of access allowed for users in a group, based on
various parameters, including Protocol ID, Direction, IP addresses, Source,