Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

33-7

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 33 Configuring Policy Objects for Remote Access VPNs

ASA Group Policies Dialog Box

ASA Group Policies Hardware Client Attributes

Use the Hardware Client Attributes settings to configure the VPN 3002 Hardware Client settings for the

ASA group policy in an Easy VPN or remote access IPSec VPN.

Navigation Path

Select Easy VPN/IPSec VPN > Hardware Client Attributes from the table of contents in the ASA

Group Policies Dialog Box, page 33-1.

Field Reference

Custom Firewall The attributes that define the required or optional firewall if you select

custom firewall as the firewall type:

• Vendor ID—The number that identifies the vendor of the custom

firewall. Values are 1-255.

• Product ID—The number that identifies the product or model of

the custom firewall. Values are 1-32 or 255. Multiple ranges are

allowed, for example, 4-12, 24-32. Use 255 for all supported

products.

• Description—An optional description of the custom firewall, for

example, the name of the vendor and product.

Table 33-3 ASA Group Policies Client Firewall Attributes (Continued)

Element Description

Table 33-4 ASA Group Policies Hardware Client Attributes

Element Description

Require Interactive Client

Authentication

Whether to enable secure unit authentication, which provides

additional security by requiring VPN hardware clients to authenticate

with a username and password each time that the client initiates a

tunnel. The hardware client does not have a saved username and

password.

Note Secure unit authentication requires that you have an

authentication server group configured for the tunnel group the

hardware clients use. If you require secure unit authentication

on the primary security appliance, be sure to configure it on any

backup servers as well.

Require Individual User

Authentication

Whether to require that individual users behind a hardware client

authenticate to gain access to the network across the tunnel. Individual

users authenticate according to the order of authentication servers that

you configure.

If you do not select this option, the security appliance allows

inheritance of a value for user authentication from another group

policy.

Enable Cisco IP Phone

Bypass

Whether to allow IP phones behind hardware clients to connect without

undergoing a user authentication processes. Secure unit authentication

remains in effect for other users.

previous next