Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

30-34

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices

Working with IPSec VPN Policies

Navigation Path

• (Device view) Select Remote Access VPN > IPSec VPN > IPsec Proposal (ASA/PIX 7.x) from

the Policy selector. Click the Add Row (+) or Edit Row (pencil) buttons.

• (Policy view) Select Remote Access VPN > IPSec VPN > IPsec Proposal (ASA/PIX 7.x) from the

Policy Type selector. Select an existing policy or create a new one. Click the Add Row (+) or Edit

Row (pencil) buttons.

Related Topics

• Configuring an IPsec Proposal on a Remote Access VPN Server (ASA, PIX 7.0+ Devices),

page 30-33

• Understanding IPsec Proposals, page 25-17

• Creating Interface Role Objects, page 6-68

• Creating AAA Server Group Objects, page 6-45

Field Reference

Table 30-15 IPsec Proposal Editor, ASA and PIX 7.0+ Devices)

Element Description

External Interface The external interface through which remote access clients will connect

to the server. Enter the name of the interface or interface role object, or

click Select to select it or to create a new object.

Enable IKEv1

Enable IKEv2

The IKE versions to use during IKE negotiations. IKEv2 is supported

on ASA Software release 8.4(1)+ only with Anyconnect 3.0+ clients.

Select either or both options as appropriate.

Enable Client Services

Client Services Port Number

Available only if you enable IKEv2.

Whether to enable the Client Services Server on the ASA for this

connection. The Client Services Server provides HTTPS (SSL) access

to allow the AnyConnect Downloader to receive software upgrades,

profiles, localization and customization files, CSD, SCEP, and other

file downloads required by the AnyConnect client. If you select this

option, specify the client services port number, which is 443 by default.

If you do not enable the Client Services Server, users will not be able

to download any of these files that the AnyConnect client might need.

Tip You can use the same port that you use for SSL VPN running

on the same device. Even if you have an SSL VPN configured,

you must select this option to enable file downloads over SSL

for IKEv2 IPsec clients.

previous next