Filter
Top Products
30-7
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Configuring Connection Profiles (ASA, PIX 7.0+)
the connection is denied. Both the AnyConnect VPN client (SSL VPN or IKEv2 IPSec VPN) and
Clientless SSL VPN support double authentication. The AnyConnect client supports double
authentication on Windows computers (including supported Windows Mobile devices and Start Before
Login), Mac computers, and Linux computers.
This procedure describes how to create or edit connection profiles on your remote access VPN server
using the Connection Profile policy.
Note You can also create connection profiles from the Remote Access VPN Configuration wizard; see Using
the Remote Access VPN Configuration Wizard, page 29-13. For information on connection profiles in
Easy VPN site-to-site topologies, see Configuring a Connection Profile Policy for Easy VPN,
page 27-13.
Related Topics
• Discovering Remote Access VPN Policies, page 29-12
Step 1 Do one of the following:
• (Device view) With an ASA or PIX 7.0+ device selected, select Remote Access VPN > Connection
Profiles from the Policy selector.
• (Policy view) Select Remote Access VPN > Connection Profiles (ASA) from the Policy Type
selector. Select an existing policy or create a new one.
The Connection Profiles page opens. The policy lists all connection profiles and shows the group policy
used in the profile. For more information, see Connection Profiles Page, page 30-8.
Step 2 Click Add Row (+) beneath the table, or select a profile and click Edit Row (pencil). The Connection
Profiles dialog box opens.
Step 3 (All remote access VPN types.) On the General tab, specify the connection profile name and group
policies and select which method (or methods) of address assignment to use. For a detailed explanation
of the configuration, see General Tab (Connection Profiles), page 30-9.
Step 4 (All remote access VPN types.) Click the AAA tab to specify the AAA authentication parameters for the
connection profile. For a detailed explanation of the configuration, see AAA Tab (Connection Profiles),
page 30-11.
Step 5 (Remote access IKEv2 IPsec and SSL VPN only.) If you are setting up a connection profile on an ASA
device, you can configure secondary authentication. To do so, click the Secondary AAA tab. For a
detailed explanation of the configuration, see Secondary AAA Tab (Connection Profiles), page 30-14.
Step 6 (Remote access IPsec VPN only.) Click the IPsec tab to specify IPsec and IKE parameters for the
connection profile. Some of these settings apply to IKEv1 but not to IKEv2 connections. For a detailed
explanation of the configuration, see IPSec Tab (Connection Profiles), page 30-16.
Note To configure IKEv2 settings, use the IKEv2 Settings tab of the Global Settings policy; see
Configuring VPN Global IKEv2 Settings, page 25-34.
Step 7 (Remote access SSL VPN only.) Click the SSL tab to specify the WINS servers for the connection
profile policy, select a customized look and feel for the SSL VPN end-user logon web page, specify
DHCP servers to be used for client address assignment, and establish an association between an interface
and client IP address pools. For a detailed explanation of the configuration, see SSL Tab (Connection
Profiles), page 30-18.