Cisco Systems OL-5532-02 manual Remote Access VPN Services


CHAPTER 4

Remote Access VPN Services

This chapter contains the following sections:

Creating Remote Access VPN Services

Adding AAA Server Devices to Your Repository

Creating Encryption Policies

Creating Remote Access VPN Policies

Creating Remote Access VPN Service Requests

Creating Remote Access VPN Services

Remote Access VPN tunnels are initiated by a VPN Client and terminated at the secure network edge, as illustrated in Figure 4-1. (The blue lines represent the Remote Access VPN tunnels.)

Figure 4-1 Remote Access VPNs

To begin the remote access provisioning process, the network administrator defines an encryption policy and a remote access VPN policy, and (optionally) configures a AAA server (pronounced “Triple A server”). The remote access policy is then applied to CPE devices in the network by deploying a remote access service request that uses that policy.

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

 
