64-91
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
–
Interface—Lets you select the interface name. The default interfaces are inside and outside, but
if you have configured a different interface name, that name also appears in the list.
–
Authentication Mode—Lets you select the authentication mode, none, xauth, or hybrid, as
above.
–
Interface/Authentication Mode table—Shows the interface names and their associated
authentication modes that are selected.
–
Add—Adds an interface/authentication mode pair selection to the Interface/Authentication
Modes table.
–
Remove—Removes an interface/authentication mode pair selection from the
Interface/Authentication Modes table.
• Client VPN Software Update Table—Lists the client type, VPN Client revisions, and image URL
for each client VPN software package installed. For each client type, you can specify the acceptable
client software revisions and the URL or IP address from which to download software upgrades, if
necessary. The client update mechanism (described in detail under the Client Update dialog box)
uses this information to determine whether the software each VPN client is running is at an
appropriate revision level and, if appropriate, to provide a notification message and an update
mechanism to clients that are running outdated software.
–
Client Type—Identifies the VPN client type.
–
VPN Client Revisions—Specifies the acceptable revision level of the VPN client.
–
Image URL—Specifies the URL or IP address from which the correct VPN client software
image can be downloaded. For dialog boxes-based VPN clients, the URL must be of the form
http:// or https://. For ASA 5505 in client mode or VPN 3002 hardware clients, the URL must
be of the form tftp://.
Modes
The following table shows the modes in which this feature is available:
Add/Edit Tunnel Group for Site-to-Site VPN
The Add or Edit Tunnel Group dialog box lets you configure or edit tunnel group parameters for this
Site-to-Site connection profile.
Fields
• Certificate Settings—Sets the following certificate chain and IKE peer validation attributes:
–
Send certificate chain—Enables or disables sending the entire certificate chain. This action
includes the root certificate and any subordinate CA certificates in the transmission.
–
IKE Peer ID Validation—Selects whether IKE peer ID validation is ignored, required, or
checked only if supported by a certificate.
• IKE Keep Alive—Enables and configures IKE (ISAKMP) keepalive monitoring.
–
Disable Keepalives—Enables or disables IKE keep alives.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
Need help?
General
