Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

33-65

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 33 Configuring Policy Objects for Remote Access VPNs

Add or Edit User Group Dialog Box

User Group Dialog Box—IOS Client VPN Software Update

Client VPN Software Update (IOS) settings configure, for an IOS VPN client, the platform type, VPN

Client revisions, and image URL for each client VPN software package installed, for your user group.

The Client Update feature is supported on IOS routers version 12.4(2)T and later, and Catalyst

6500/7600 devices version 12.2(33)SRA and later.

• To add a client, click the Add Row button to open the Add/Edit Client Update Dialog Box,

page 33-65.

• To edit a client, select it and click the Edit Row button.

• To delete a client, select it and click the Delete Row button.

Note These settings apply in Easy VPN and remote access VPN configurations.

Navigation Path

Select Client VPN Software Update (IOS) from the table of contents in the Add or Edit User Group

Dialog Box, page 33-58.

Add/Edit Client Update Dialog Box

Use the Add or Edit Client Update dialog box to configure the platform type, image URL, and VPN

Client revisions for a client VPN software package.

Enable Group-Lock Whether to enable group lock, which requires that the user enter the

extended Xauth username in one of the following formats:

• username/groupname

• username\groupname

• username@groupname

• username%groupname

The group that is specified after the delimiter is then compared to the

group identifier that is sent during IKE aggressive mode. The groups

must match or the connection is rejected.

Note Do not select this option if you are using RSA signature

authentication mechanisms such as certificates.

Enable Save Password Whether to allow users to save their Xauth password locally on the

client. On subsequent authentications, users can activate the password

by using the check box on the software client or by adding the username

and password to the Cisco IOS hardware client profile. After users

activate the password, their username and password are sent to the

server automatically during Xauth.

This option is useful only if users have static passwords, that is, they

are not one-time passwords such as those that are generated by a token.

Table 33-48 User Group Dialog Box—IOS Xauth Options (Continued)

Element Description

previous next