64-106
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Advanced Easy VPN Properties
• Easy VPN Server To Be Added—Adds or removes an Easy VPN server. Any ASA or VPN 3000
Concentrator Series can act as a Easy VPN server. A server must be configured before a connection
can be established. The adaptive security appliance supports IPv4 addresses, the names database, or
DNS names and resolves addresses in that order. The first server in the Easy VPN Server(s) list is
the primary server. You can specify a maximum of ten backup servers in addition to the primary
server.
–
Name or IP Address—The name or IP address of an Easy VPN server to add to the list.
–
Add—Moves the specified server to the Easy VPN Server(s) list.
–
Remove—Moves the selected server from the Easy VPN Server(s) list to the Name or IP
Address file. Once you do this, however, you cannot re-add the same address unless you re-enter
the address in the Name or IP Address field.
–
Easy VPN Server(s)—Lists the configured Easy VPN servers in priority order.
–
Move Up/Move Down—Changes the position of a server in the Easy VPN Server(s) list. These
buttons are available only when there is more than one server in the list.
Modes
The following table shows the modes in which this feature is available:
Advanced Easy VPN Properties
Device Pass-Through
Certain devices like Cisco IP phones, printers, and the like are incapable of performing authentication,
and therefore of participating in individual unit authentication. To accommodate these devices, the
device pass-through feature, enabled by the MAC Exemption attributes, exempts devices with the
specified MAC addresses from authentication when Individual User Authentication is enabled.
The first 24 bits of the MAC address indicate the manufacturer of the piece of equipment. The last 24
bits are the unit’s serial number in hexadecimal format.
Tunneled Management
When operating an ASA model 5505 device behind a NAT device, use the Tunneled Management
attributes to specify how to configure device management— in the clear or through the tunnel—and
specify the network or networks allowed to manage the Easy VPN Remote connection through the
tunnel. The public address of the ASA 5505 is not accessible when behind the NAT device unless you
add static NAT mappings on the NAT device.
When operating a Cisco ASA 5505 behind a NAT device, use the vpnclient management command to
specify how to configure device management— with additional encryption or without it—and specify
the hosts or networks to be granted administrative access. The public address of the ASA 5505 is not
accessible when behind the NAT device unless you add static NAT mappings on the NAT device.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
