29-29
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Table 29-7 Remote Access VPN Configuration Wizard, IPSec VPN Wizard—IPSec Settings (ASA)

Element: Trustpoint Name (IKEv1 only.)
Description: The name of the PKI enrollment policy object that defines the trustpoint name if any trustpoints are configured for IKEv1 connections. A trustpoint represents a Certificate Authority (CA)/identity pair and contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate.
Click Select to select the object from a list or to create a new object.
Tip: This trustpoint is used for IKEv1 negotiations only. To configure the global trustpoint for IKEv2 negotiations, use the IKEv2 Settings tab of the Global Settings policy; see Configuring VPN Global IKEv2 Settings, page 25-34.

Element: IKE Peer ID Validation
Description: Select whether IKE peer ID validation is ignored (Do not check), required, or checked only if supported by a certificate. During IKE negotiations, peers must identify themselves to one another.

Element: Enable Sending Certificate Chain
Description: Whether to enable the sending of the certificate chain for authorization. A certificate chain includes the root CA certificate, identity certificate, and key pair.

Element: Enable Password Update with RADIUS Authentication
Description: Whether to enable passwords to be updated with the RADIUS authentication protocol. For more information, see Supported AAA Server Types, page 6-25.

Element: ISAKMP Keepalive
Description: Whether to monitor ISAKMP keepalive. If you select the Monitor Keepalive option, you can configure IKE keepalive as the default failover and routing mechanism. Enter the following parameters:
• Confidence Interval—The number of seconds that a device waits between sending IKE keepalive packets.
• Retry Interval—The number of seconds a device waits between attempts to establish an IKE connection with the remote peer. The default is 2 seconds.
For more information, see Configuring VPN Global ISAKMP/IPsec Settings, page 25-30.

Element: Client Software Update table (IKEv1 only.)
Description: The VPN client revision level and URLs for client platforms. You can configure different revision levels for All Windows Platforms, Windows 95/98/ME, Windows NT4.0/2000/XP, or the VPN3002 Hardware Client.
To configure the client for a platform, select it, click the Edit Row button, and fill in the IPSec Client Software Update Dialog Box, page 30-18.