Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

33-60

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 33 Configuring Policy Objects for Remote Access VPNs

Add or Edit User Group Dialog Box

User Group Dialog Box—General Settings

The general settings you configure for your user group include the authentication method, IP address

pool information, and connection attributes for PIX 6.3 Firewalls.

Note These settings apply in Easy VPN and remote access IPSec VPN configurations.

Navigation Path

Select General from the table of contents in the Add or Edit User Group Dialog Box, page 33-58.

Field Reference

Category The category assigned to the object. Categories help you organize and

identify rules and objects. See Using Category Objects, page 6-12.

Table 33-43 User Group Dialog Box (Continued)

Element Description

Table 33-44 User Group Dialog Box—General Settings

Element Description

Preshared Key The preshared key that will be used to authenticate the clients

associated to the user group.

Note You do not have to enter a preshared key if you are using digital

certificates for group authentication.

In regular IPsec VPNs, preshared keys allow for one or more peers to

use individual shared secrets to authenticate encrypted tunnels. A

preshared key must be configured on each participating peer. If one of

the participating peers is not configured with the same preshared key,

the IKE SA cannot be established.

In Easy VPN authentication, the same Easy VPN server key is used for

the spoke configuration to ensure that the server/client keys match.

In remote access IPSec VPN authentication, the same key is used to

negotiate a VPN connection between the remote access VPN server and

the remote clients.

IP Address Pool

Subnet/Ranges

The IP address ranges for a local pool that will be used to allocate an

internal IP address to a client. Remote clients are assigned IP addresses

from this pool. Separate multiple entries with commas. The default is

172.16.0.1-172.16.4.254.

Backup Servers IP Address The IP address of the servers to be used as backups for the Easy VPN

or remote access IPSec VPN server. The router tries to connect to these

servers if the primary connection to the Easy VPN or remote access

VPN server fails. Separate multiple entries with commas.

previous next