Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
There are several additional connection profile settings that are not configured in the wizard.
Examine the tabs in the Connection Profile dialog box to determine if additional changes are
required.
c. Click OK in the Connection Profiles dialog box to save your changes.
Step 14 (IKEv2 Requirement.) Select the Remote Access VPN > SSL VPN > Access policy and configure at
least the following. For detailed information about configuring an Access policy, see Understanding SSL
VPN Access Policies (ASA), page 30-36.
• Add the remote access VPN interface to the access interfaces table.
• Select Allow Users to Select Connection Profile in Portal Page.
• Select Enable AnyConnect Access.
Step 15 (IKEv2 Requirement.) Select the Remote Access VPN > SSL VPN > Other Settings policy, and click
the Client Settings tab.
In the AnyConnect Client Image table, add an AnyConnect 3.0 or higher client image, one that supports
IKEv2 negotiations.
For more information on configuring client images, see Configuring SSL VPN AnyConnect Client
Settings (ASA), page 30-53.
Step 16 (IKEv2 Requirement.) Select the Remote Access VPN > Global Settings policy, and click the IKEv2
Settings tab.
At minimum, configure the RA Trustpoint for remote access IKEv2 authentication. Enter the name of
the PKI enrollment object that identifies the certificate authority (CA) server or click Select to select the
object or to create a new one.
For more information on configuring IKEv2 global settings, see Configuring VPN Global IKEv2
Settings, page 25-34.
Step 17 (IKEv1, IKEv2 Requirement.) Select the Remote Access VPN > Public Key Infrastructure policy and
ensure that the following PKI enrollment objects are selected:
• (IKEv1) The object specified on the IPSec tab of the connection profile, if a trustpoint is configured.
• (IKEv2) The object specified on the IKEv2 Settings tab of the Global Settings policy.
Note: In the wizard, you might have applied a shared Public Key Infrastructure policy that already
specifies these objects.
Step 18 (IKEv2 Optional.) IKEv2 connections require the use of the AnyConnect 3.0+ client. The AnyConnect
client might need to download files, such as software upgrades, profiles, localization and customization
files, CSD, SCEP, and so forth. The wizard does not enable these types of download.
To enable AnyConnect file downloads:
a. Select Remote Access VPN > IPSec VPN > IPSec Proposal.
b. Select the IPSec proposal created by the wizard, and click Edit Row (pencil) to open the IPSec
Proposal Editor. For information about the various options, see IPsec Proposal Editor (ASA, PIX
7.0+ Devices), page 30-33.
c. Select the Enable Client Services option, and enter a port number if you do not want to use the
default port 443. (You can use the same port number used for SSL VPN or other SSL uses.)
d. Click OK to save your changes.
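After deployment, the IKEv2 items in Steps 14 through 18 can be checked against the device's running configuration. The following is an added example, not part of the Cisco guide: it assumes ASA 8.4 or later CLI syntax and assumes that each policy above deploys the CLI line named in the comments; the sample configuration, trustpoint name, and image file name are constructed.

```python
import re

# Constructed sample of an ASA running-config (not from the manual).
# Assumption: the policies in Steps 14-18 deploy CLI lines of this form.
SAMPLE_CONFIG = """\
crypto ca trustpoint RA-TP
 enrollment url http://ca.example.test
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint RA-TP
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.0-k9.pkg 1
 anyconnect enable
"""

def webvpn_block(config):
    """Return the stripped sub-commands under the top-level 'webvpn' line."""
    lines, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            inside = line.strip() == "webvpn"
        elif inside:
            lines.append(line.strip())
    return lines

def audit(config, iface):
    """List the Step 14-18 IKEv2 items that are missing for interface iface."""
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    web = webvpn_block(config)
    findings = []
    if f"enable {iface}" not in web:           # Step 14: access interfaces table
        findings.append("step14: interface not in access interfaces")
    if "tunnel-group-list enable" not in web:  # Step 14: profile selection
        findings.append("step14: profile selection disabled")
    if "anyconnect enable" not in web:         # Step 14: AnyConnect access
        findings.append("step14: AnyConnect access disabled")
    majors = [int(m.group(1)) for m in
              (re.match(r"anyconnect image \S*?-(\d+)\.\d", l) for l in web) if m]
    if not any(v >= 3 for v in majors):        # Step 15: 3.0 or higher image
        findings.append("step15: no AnyConnect 3.0+ image")
    tp = next((l.split()[-1] for l in top
               if l.startswith("crypto ikev2 remote-access trustpoint ")), None)
    if tp is None:                             # Step 16: RA Trustpoint
        findings.append("step16: no RA trustpoint")
    elif f"crypto ca trustpoint {tp}" not in top:  # Step 17: PKI object present
        findings.append("step17: trustpoint object not defined")
    if not any(l.startswith(f"crypto ikev2 enable {iface} client-services") for l in top):
        findings.append("step18: client services off (optional)")
    return findings
```

For the constructed sample, `audit(SAMPLE_CONFIG, "outside")` reports the disabled profile selection from Step 14 and the optional client services setting from Step 18.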