Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

33-67

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 33 Configuring Policy Objects for Remote Access VPNs

Add or Edit User Group Dialog Box

User Group Dialog Box—Clientless Settings

Use the Clientless settings to configure the clientless mode of access to the corporate network in an SSL

VPN.

In clientless access mode, once a user is authenticated and a session is established, an SSL VPN portal

page and toolbar is displayed on the user’s web browser. From the portal page, the user can access all

available HTTP sites, access web e-mail, and browse Common Internet File System (CIFS) file servers.

Navigation Path

Select Clientless from the table of contents in the Add or Edit User Group Dialog Box, page 33-58.

Related Topics

• Create Group Policy Wizard—Clientless and Thin Client Access Modes Page, page 29-22

Enable Device Pass-Through Whether to use Media Access Control (MAC) addresses to bypass

authentication for devices, such as Cisco IP phones, that do not support

AAA authentication.

When MAC-based AAA exemption is enabled, the device bypasses the

AAA server for traffic that matches both the MAC address of the device

and the IP address that was dynamically assigned by a DHCP server.

Authorization services are disabled automatically when you bypass

authentication. Accounting records continue to be generated (if

enabled), but the username is not displayed.

Enable Secure Unit

Authentication

Whether to provide increased security when allowing access to the

device from a remote client.

With Secure Unit Authentication (SUA), you can use one-time

passwords, two-factor authentication, and similar authentication

schemes to authenticate the remote device during Extended

Authentication (Xauth).

SUA is specified in the VPN policy on the device and is downloaded to

the remote client. This enables SUA and determines the connection

behavior of the remote client.

Enable User Authentication Whether to enable Individual User Authentication (IUA), which

supports individually authenticating clients on the inside network of the

remote access VPN, based on the IP address of each inside client. IUA

supports both static and OTP authentication mechanisms.

Table 33-50 User Group Dialog Box—Advanced PIX Options (Continued)

Element Description

previous next