Filter
Top Products
32-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 32 Managing Remote Access VPNs on IOS and PIX 6.3 Devices
Configuring an IPsec Proposal on a Remote Access VPN Server (IOS, PIX 6.3 Devices)
IKEv1 Transform Sets The transform sets to be used for your tunnel policy. Transform sets
specify which authentication and encryption algorithms will be used to
secure the traffic in the tunnel. You can select up to nine transform sets.
For more information, see Understanding Transform Sets, page 25-19.
If more than one of your selected transform sets is supported by both
peers, the transform set that provides the highest security will be used.
Click Select to select the IPsec transform set policy objects to use in the
topology. If the required object is not yet defined, you can click the
Create (+) button beneath the available objects list in the selection
dialog box to create a new one. For more information, see Configuring
IPSec IKEv1 or IKEv2 Transform Set Policy Objects, page 25-25.
Reverse Route Injection Reverse Route Injection (RRI) enables static routes to be automatically
inserted into the routing process for those networks and hosts protected
by a remote tunnel endpoint. For more information, see Understanding
Reverse Route Injection, page 25-20.
Select one of the following options to configure RRI on the crypto map:
• None—Disables the configuration of RRI on the crypto map.
• Standard—Creates routes based on the destination information
defined in the crypto map access control list (ACL). This is the
default option.
• Remote Peer—Creates two routes, one for the remote endpoint
and one for route recursion to the remote endpoint via the interface
to which the crypto map is applied.
• Remote Peer IP—Specifies an address as the explicit next hop to
the remote VPN device. Enter the IP address or a network/host
object that specifies the address, or click Select to select the
network/host object from a list or to create a new object.
Note If you use network/host objects, you can select the Allow Value
Override per Device option in the object to override the IP
address, if required, for specific devices that use this object.
Group Policy Lookup/AAA
Authorization Method
The AAA authorization method list that will be used to define the order
in which the group policies are searched. Group policies can be
configured on both the local server or on an external AAA server.
Remote users are grouped, so that when the remote client establishes a
successful connection to the VPN server, the group policies for that
particular user group are pushed to all clients belonging to the user
group.
Click Select to open a dialog box that lists all available AAA group
servers, and in which you can create AAA group server objects. Select
all that apply and use the up and down arrow buttons to put them in
priority order.
Table 32-1 IPsec Proposal Editor, General Tab, IOS and PIX 6.3 Devices (Continued)
Element Description