Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Configuring VPN Global Settings
Table 25-6 VPN Global Settings Page, IKEv2 Settings Tab (Continued)

Element: Enable Cookie Challenge
Description: Whether to send cookie challenges to peer devices in response to SA initiate packets, which can help thwart denial of service (DoS) attacks. The default is to use cookie challenges when 50% of the available SAs are in negotiation. Select one of these options:
  - Custom—Cookie challenge when the number of SAs in negotiation exceeds the total number of allowed SAs on the device based on percentage (SAs in negotiation as a percentage of total allowed SAs). In Custom Cookie Challenge, enter the percentage that triggers cookie challenges for any future SA negotiations. The range is 1 to 100%. The default is 50%.
  - Never—The device never uses cookie challenge.
  - Always—The device always uses cookie challenge, regardless of the percentage of SAs in negotiation.

Element: Remote Access Authentication RA Trustpoint (Remote access VPN only.)
Description: (Required when supporting IKEv2 negotiations.) The PKI enrollment object that identifies the Certificate Authority (CA) server that the device can use to authenticate itself to the remote user. This authorization is required before the user can select a connection profile and log into the VPN. This CA server is used in remote access IKEv2 IPsec VPNs only. Click Select to select the object or to create a new one.
  Tip: You must also select this PKI enrollment object in the Remote Access VPN > Public Key Infrastructure policy.
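
The three Enable Cookie Challenge options, modeled as a responder's decision logic in an added Python example (not Cisco's implementation and not part of the user guide). The `Responder` class, its method names and the sample values are hypothetical; the cookie follows the construction suggested in RFC 7296 section 2.6, with HMAC-SHA256 standing in for the plain hash, and the threshold is assumed to trigger only when the percentage is strictly exceeded.

```python
import hashlib
import hmac
import os


class Responder:
    """Toy IKEv2 responder that models only the cookie-challenge decision."""

    def __init__(self, max_sas, mode="custom", threshold_pct=50):
        if mode not in ("custom", "never", "always"):
            raise ValueError("mode must be custom, never or always")
        if not 1 <= threshold_pct <= 100:
            raise ValueError("threshold must be 1 to 100")
        self.max_sas = max_sas            # total allowed SAs on the device
        self.mode = mode
        self.threshold_pct = threshold_pct
        self.in_negotiation = set()       # half-open SAs: (src_ip, spi_i)
        self.secret = os.urandom(32)      # a real responder rotates this
        self.secret_version = b"\x01"

    def challenge_active(self):
        if self.mode == "always":
            return True
        if self.mode == "never":
            return False
        # Custom: SAs in negotiation as a percentage of total allowed SAs.
        # Assumption: strictly "exceeds" the configured percentage.
        return len(self.in_negotiation) * 100 > self.threshold_pct * self.max_sas

    def make_cookie(self, src_ip, spi_i, nonce_i):
        # RFC 7296 2.6 suggests: version | Hash(Ni | IPi | SPIi | secret).
        # HMAC-SHA256 keyed with the secret is used here instead of a bare hash.
        msg = nonce_i + src_ip.encode() + spi_i
        mac = hmac.new(self.secret, msg, hashlib.sha256)
        return self.secret_version + mac.digest()

    def handle_sa_init(self, src_ip, spi_i, nonce_i, cookie=None):
        """Return 'COOKIE_REQUIRED', 'REJECTED' or 'STATE_CREATED'."""
        if self.challenge_active():
            if cookie is None:
                return "COOKIE_REQUIRED"  # stateless reply, nothing stored
            expected = self.make_cookie(src_ip, spi_i, nonce_i)
            if not hmac.compare_digest(cookie, expected):
                return "REJECTED"         # cookie not bound to this sender
        self.in_negotiation.add((src_ip, spi_i))
        return "STATE_CREATED"
```

While the challenge is active the responder allocates no state until the initiator returns a cookie bound to its own address, which is why spoofed-source SA initiate floods stop consuming SA slots.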