Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
29-27
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Remote Access VPN Configuration Wizard—IPSec VPN Connection Profile Page (ASA)
Use the Connection Profile page of the Remote Access VPN Configuration wizard to configure the
connection profile policies on your security appliance for a remote access IPSec VPN. You can specify
a name for the connection profile policy that you are adding, select the IKE versions to allow during IKE
negotiations, select the user group policy, specify address pools for this policy, and specify
authentication, authorization, and accounting server group settings.
For more information about using the wizard to configure remote access IPsec VPNs on ASA, see
Creating IPSec VPNs Using the Remote Access VPN Configuration Wizard (ASA and PIX 7.0+
Devices), page 29-24.
Navigation Path
(Device view) Open the Remote Access VPN Configuration Wizard for configuring a remote access
IPsec VPN on an ASA or PIX 7.0+ device (see Using the Remote Access VPN Configuration Wizard,
page 29-13). The IPSec Connection Profile page is the first page that appears.
Field Reference
Table 29-6 Remote Access VPN Configuration Wizard, IPSec Connection Profile Page (ASA)
Element Description
Connection Profile Name The name of the connection profile (tunnel group).
IKE Versions The IKE versions to use during IKE negotiations between the VPN
server and the remote users. IKEv2 is supported on ASA Software
release 8.4(1)+ only; you cannot change the option selection on other
types of device.
Select IKE Version 1, IKE Version 2, or Both (to allow either
version). IKEv2 connections are allowed using Anyconnect clients
only.
Group Policy If required, the name of the ASA group policy object that defines the
default user group associated with the connection profile. A group
policy is a collection of user-oriented attribute/value pairs stored either
internally on the device or externally on a RADIUS/LDAP server.
Click Select to select an existing object or to create a new one.
Tip If you enable IKEv2 for this VPN, there are special
considerations for the group policy you choose. For detailed
information, see Creating IPSec VPNs Using the Remote
Access VPN Configuration Wizard (ASA and PIX 7.0+
Devices), page 29-24.
Global IP Address Pool The address pools from which IP addresses will be assigned to clients
if no pool is specified for the interface to which the client connects.
Address pools are entered as a range of addresses, such as
10.100.12.2-10.100.12.254. The server uses these pools in the order
listed. If all addresses in the first pool have been assigned, it uses the
next pool, and so on. You can specify up to 6 pools.
Enter the address pool ranges or the names of network/host objects that
define these pools. Click Select to select existing network/host objects
or to create new ones. Separate multiple entries with commas.