Radius dynamic filtering, Crl retrieval scheduling – Panasonic NN46110-600 User Manual

New in this release 13

RADIUS dynamic filtering

You can set up and manage policy filters in the Remote Authentication Dial-In
User Service (RADIUS) server. If you use a RADIUS server to authenticate users,

the VPN Router can retrieve those policy filters from the server. IPsec user
tunnels are dynamically filtered based on attributes returned from the

authenticating RADIUS server. The returned dynamic filters are then prepended

to the groups filter to which the user is bound.

For more information about RADIUS dynamic filtering, see “Configuring
RADIUS dynamic filters” on page 51.

CRL Retrieval Scheduling

With CRL Retrieval Scheduling, the Nortel VPN Router administrator can

configure the time and day that a CRL request is sent to the CRL Server.

The CRL process has disadvantages because it is run at the LDAP priority and it is

very CPU intensive. In environments with heavy volume traffic and very large

LDAP CRLs, the CRL process can cause timeouts and data drops. The

administrator can use the CRL Update Specific Time to avoid these timeouts and

data drops.

You can use the GUI or the CLI to configure CRL Retrieval Scheduling.

For more information about CRL Retrieval Scheduling, see “Configuring CRL
Retrieval Scheduling” on page 88.

Nortel VPN Router Security — Servers, Authentication, and Certificates