Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

33-8

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 33 Configuring Policy Objects for Remote Access VPNs

ASA Group Policies Dialog Box

ASA Group Policies IPSec Settings

Use the IPsec settings to specify tunneling protocols, filters, connection settings, and servers for the ASA

group policy for Easy VPN or remote access IPSec VPN. This creates security associations that govern

authentication, encryption, encapsulation, and key management.

Navigation Path

Select Easy VPN/IPSec VPN > IPsec from the table of contents in the ASA Group Policies Dialog Box,

page 33-1.

Enable LEAP Bypass Whether to enable Lightweight Extensible Authentication Protocol

(LEAP) packets from wireless devices behind a VPN hardware client to

travel across a VPN tunnel prior to user authentication. This action lets

workstations using Cisco wireless access point devices establish LEAP

authentication and then authenticate again per user authentication.

Note LEAP is an 802.1X wireless authentication method that

implements mutual authentication between a wireless client on

one side of a connection and a RADIUS server on the other

side. The credentials used for authentication, including a

password, are always encrypted before they are transmitted

over the wireless medium.

Allow Network Extension

Mode

Whether to enable network extension mode for hardware clients.

Network extension mode lets hardware clients present a single, routable

network to the remote private network over the VPN tunnel. IPsec

encapsulates all traffic from the private network behind the hardware

client to networks behind the security appliance. PAT does not apply.

Devices behind the security appliance have direct access to devices on

the private network behind the hardware client over the tunnel, and only

over the tunnel, and vice versa. The hardware client must initiate the

tunnel, but after the tunnel is up, either side can initiate data exchange.

Idle Timeout Mode How to handle periods of inactivity from individual clients:

• Specified Timeout—If there is no communication activity by a user

behind a hardware client for the number of minutes you specify, the

security appliance terminates the client’s access. Values are

1-35791394 minutes.

• Unlimited Timeout—User sessions are not terminated due to

inactivity.

Table 33-4 ASA Group Policies Hardware Client Attributes (Continued)

Element Description

previous next