29-18
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Connection URL The URL of the connection profile. This URL provides users with
direct access to the customized portal page.
Select a protocol (http or https) from the list and specify the URL,
including host name or IP address of the ASA device and port number
and the alias used to identify the SSL VPN connection profile.
Note If you do not specify a URL, you can access the portal page by
entering the portal page URL, and then selecting the connection
profile alias from a list of configured connection profile aliases
configured on the device. See SSL VPN Configuration
Wizard—Access Page (ASA), page 29-15.
Global IP Address Pool The address pools from which IP addresses will be assigned to clients
if no pool is specified for the interface to which the client connects.
Address pools are entered as a range of addresses, such as
10.100.12.2-10.100.12.254. The server uses these pools in the order
listed. If all addresses in the first pool have been assigned, it uses the
next pool, and so on. You can specify up to 6 pools.
Enter the address pool ranges or the names of network/host objects that
define these pools. Click Select to select existing network/host objects
or to create new ones. Separate multiple entries with commas.
Authentication Server Group The name of the authentication server group (LOCAL if the tunnel
group is configured on the local device). Enter the name of a AAA
server group object or click Select to select it from a list or to create a
new object.
Use LOCAL if Server Group
Fails
Whether to fall back to the local database for authentication if the
selected authentication server group fails.
Authorization Server Group The name of the authorization server group (LOCAL if the tunnel group
is configured on the local device). Enter the name of a AAA server
group object or click Select to select it from a list or to create a new
object.
Accounting Server Group The name of the accounting server group. Enter the name of a AAA
server group object or click Select to select it from a list or to create a
new object.
Secondary Authentication Whether to enable double authentication, which prompts the user for
two sets of credentials (username and password) before completing the
remote access VPN connection.
• Enable Secondary Authentication—Select this option to require
double authentication.
• Authentication Server Group—The name of the authentication
server group (LOCAL if the tunnel group is configured on the local
device) to be used with the second set of credentials. Enter the
name of a AAA server group object or click Select to select it from
a list or to create a new object.
• Use LOCAL if Server Group Fails—Whether to fall back to the
local database for authentication if the selected authentication
server group fails.
Table 29-3 SSL VPN Configuration Wizard, Connection Profile Page (ASA) (Continued)
Element Description