27-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 27 Easy VPN
Configuring Client Connection Characteristics for Easy VPN
Table 27-1 Easy VPN Client Connection Characteristics Page (Continued)

Element: Xauth Credentials Source
Description: Select how you want to enter the Xauth credentials for user authentication when you establish a VPN connection with the server:
• Device Stored Credentials (default)—The username and password are saved on the device itself in the device’s configuration file to be used each time the tunnel is established.
• Interactive Entered Credentials—Enables you to manually enter the username and password each time Xauth is requested, in a web browser window or from the router console.
For more information, see Easy VPN and IKE Extended Authentication (Xauth), page 27-4.

Element: Xauth Credentials
Description: Available only if you selected Device Stored Credentials as the Xauth Credentials Source.
The credentials policy object that defines the default Xauth credentials. Enter the name of the object or click Select to select it from a list or to create a new object. For more information, see Configuring Credentials Policy Objects, page 27-9.
Note: If you want to configure different Xauth credentials on your remote client, you must configure the credentials policy object to allow overrides (select Allow Value Override per Device in the object definition).

Element: Tunnel Activation (IOS)
Description: Available only if you selected the Device Stored Credentials option for the Xauth password source.
For IOS router clients, select a tunnel activation method:
• Auto (default)—The Easy VPN tunnel is established automatically when the Easy VPN configuration is delivered to the device configuration file. If the tunnel times out or fails, the tunnel automatically reconnects and retries indefinitely.
• Traffic Triggered Activation—The Easy VPN tunnel is established whenever outbound local (LAN side) traffic is detected. If you select traffic triggered activation, also enter the name of the Access Control List (ACL) policy object that defines the traffic that should activate the tunnel. Click Select to select the object or to create a new object.
Traffic Triggered Activation is recommended for use when Easy VPN dial backup is configured so that backup is activated only when there is traffic to send across the tunnel.
Note: Manual tunnel activation is configured implicitly when you select to configure the Xauth password interactively.
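
An added example (not from the Cisco guide or from Security Manager): a Python audit of a deployed IOS configuration that reports, for each Easy VPN client profile, the Xauth credentials source and tunnel activation method in effect, and lists the profiles whose credentials are saved in the configuration file. It assumes the IOS Easy VPN Remote commands `xauth userid mode`, `username ... password` and `connect {auto | manual | acl}` correspond to the options described above; the sample configuration, profile names and addresses are constructed.

```python
import re

# Constructed sample IOS Easy VPN Remote configuration (not taken from the guide).
SAMPLE_CONFIG = """\
crypto ipsec client ezvpn BRANCH-STORED
 connect auto
 peer 192.0.2.1
 username example-user password 0 EXAMPLE-PASSWORD
 xauth userid mode local
!
crypto ipsec client ezvpn BRANCH-TRIGGERED
 connect acl 101
 username example-user password 0 EXAMPLE-PASSWORD
 xauth userid mode local
!
crypto ipsec client ezvpn BRANCH-INTERACTIVE
 connect manual
 xauth userid mode interactive
!
interface GigabitEthernet0/0
 crypto ipsec client ezvpn BRANCH-STORED
"""

def audit_ezvpn(config):
    """Map each Easy VPN client profile to its Xauth source and tunnel activation."""
    profiles, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto ipsec client ezvpn (\S+)\s*$", line)
        if head:  # unindented definition line opens a profile block
            current = profiles.setdefault(head.group(1), {
                "xauth": "unspecified", "activation": "unspecified", "stored_user": None})
        elif not line.startswith(" "):  # any other top-level line closes the block
            current = None
        elif current is not None:
            w = line.split()
            if w[:3] == ["xauth", "userid", "mode"] and len(w) > 3:
                # "local" = credentials saved in the config; other modes prompt the user
                current["xauth"] = "device-stored" if w[3] == "local" else "interactive"
            elif w[:1] == ["username"] and "password" in w:
                current["stored_user"] = w[1]  # record the name only, never the secret
            elif w[:1] == ["connect"] and len(w) > 1:
                current["activation"] = " ".join(w[1:])  # auto | manual | acl <name>
    return profiles

def stored_credential_profiles(config):
    """Profiles whose Xauth username/password sit in the configuration file."""
    return sorted(name for name, p in audit_ezvpn(config).items()
                  if p["stored_user"] or p["xauth"] == "device-stored")

if __name__ == "__main__":
    for name, p in audit_ezvpn(SAMPLE_CONFIG).items():
        print(name, p)
    print("review config-file access for:", stored_credential_profiles(SAMPLE_CONFIG))
```

Profiles returned by `stored_credential_profiles` are the ones for which access to the configuration file and its backups equals access to the VPN credentials.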