Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
32-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 32 Managing Remote Access VPNs on IOS and PIX 6.3 Devices
Configuring an IPsec Proposal on a Remote Access VPN Server (IOS, PIX 6.3 Devices)
IPsec Proposal Editor (IOS, PIX 6.3 Devices)
Use the IPsec Proposal Editor to create or edit an IPsec proposal for an IOS or PIX 6.3 device, including
Catalyst 6500/7600, in your remote access VPN. The editor has two tabs—General and Dynamic
VTI/VRF Aware IPsec. This topic explains the basic settings on the General tab. For an explanation of
Dynamic VTI/VRF Aware IPsec settings, see Configuring Dynamic VTI/VRF Aware IPsec in Remote
Access VPNs (IOS Devices), page 32-7.
The elements in this dialog box differ according to the selected device. The table below describes the
elements on the General tab in the IPsec Proposal Editor dialog box when a Cisco IOS router, Catalyst
6500/7600, or PIX 6.3 device is selected.
Note For a description of the elements in the dialog box when a PIX 7.0+ or ASA device is selected is selected,
see IPsec Proposal Editor (ASA, PIX 7.0+ Devices), page 30-33.
Navigation Path
(Device view) Select Remote Access VPN > IPSec VPN > IPsec Proposal (IOS/PIX 6.x) from the
Policy selector. Click the Add Row (+) or Edit Row (pencil) buttons.
(Policy view) Select Remote Access VPN > IPSec VPN > IPsec Proposal (IOS/PIX 6.x) from the
Policy Type selector. Select an existing policy or create a new one. Click the Add Row (+) or Edit
Row (pencil) buttons.
Related Topics
Configuring an IPsec Proposal on a Remote Access VPN Server (IOS, PIX 6.3 Devices), page 32-3
Understanding IPsec Proposals, page 25-17
Creating Interface Role Objects, page 6-68
Creating AAA Server Group Objects, page 6-45
Field Reference
Table 32-1 IPsec Proposal Editor, General Tab, IOS and PIX 6.3 Devices
Element Description
External Interface
Note Available only if the selected device is an IOS router.
The external interface through which remote access clients will connect
to the server. Enter the name of the interface or interface role object, or
click Select to select it or to create a new object.
Inside VLAN
Note Available only if the selected device is a Catalyst 6500/7600.
The inside VLAN that serves as the inside interface to the VPN
Services Module (VPNSM), VPN SPA, or VSPA. Click Select to
configure the inside VLAN as explained in VPNSM/VPN SPA/VSPA
Settings Dialog Box, page 32-6.