Cisco Systems OL-5532-02 manual Split Tunneling, Policy, Generate, Create


Chapter 4 Remote Access VPN Services

Creating Remote Access VPN Policies

Table 4-4 Split Tunneling Fields

Field Name: Split Tunneling Policy
Type: drop-down list
Instructions: Select one of the following methods for split tunneling:

Everything – This option sends all traffic, both VPN-bound traffic and Internet-bound traffic, through the VPN tunnel to the CPE device. If you select Everything, there are no further values to enter, as shown in Figure 4-14.

In List – This option sends only traffic matching the listed networks through the VPN tunnel to the CPE device. The non-matching traffic is sent to the CPE device unencrypted. If you select this option, you must click Create or Generate and create the list of network addresses from which traffic travels through the IPsec tunnel. All other traffic is sent to the client LAN.

Not In List – Supported for the VPN 3000 only. This option sends all traffic to addresses in the selected list to the client LAN and sends all other traffic through the VPN tunnel. If you select this option, you must click Create or Generate and create the list of network addresses.

Field Name: Split Tunneling Name
Type: text box
Instructions: (Optional) If you want to use a name other than the Cisco IOS or PIX Firewall autogenerated name for the list of network addresses for which split tunneling is enabled, enter the name here.

Field Name: Generate
Type: Generate button
Instructions: Click Generate if you want to automatically create the list of private subnets from an existing site-to-site IPsec VPN. Since a VPN may be represented by one or more service requests, after clicking Generate, select all the service requests from which the list of private subnets is to be extracted. When you click Generate, the Service Request for Split Tunnel List dialog box appears as shown in Figure 4-12.

Figure 4-12 The Service Request for Split Tunnel List Page

Field Name: Create
Type: Create button
Instructions: Click Create and the Subnet Address for Split Tunneling dialog box appears as shown in Figure 4-13. Enter a subnet address for Split Tunneling and click OK.

Figure 4-13 Subnet For Split Tunneling Dialog Box
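The three Split Tunneling Policy choices in Table 4-4 differ only in which destinations stay inside the IPsec tunnel, so a list can be reviewed by checking what it leaves outside. The following Python model is an added example, not code from the Cisco guide or from IP Solution Center; the function names, the "tunnel"/"bypass" labels and the sample subnets are assumptions constructed for illustration.

```python
import ipaddress

# Policy names as shown in the Split Tunneling Policy drop-down list (Table 4-4).
EVERYTHING, IN_LIST, NOT_IN_LIST = "Everything", "In List", "Not In List"


def parse_network_list(entries):
    """Parse split tunneling subnets; strict mode rejects entries with host bits set."""
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def route_for(policy, network_list, destination):
    """Return "tunnel" or "bypass" (sent outside the IPsec tunnel) for one destination."""
    if policy == EVERYTHING:
        return "tunnel"  # no list is consulted for this policy
    if policy not in (IN_LIST, NOT_IN_LIST):
        raise ValueError(f"unknown split tunneling policy: {policy!r}")
    if not network_list:
        # The table requires a list (Create or Generate) for both list-based policies.
        raise ValueError(f"policy {policy!r} requires a non-empty network list")
    dest = ipaddress.ip_address(destination)
    listed = any(dest in net for net in network_list)
    if policy == IN_LIST:
        return "tunnel" if listed else "bypass"
    return "bypass" if listed else "tunnel"  # Not In List inverts the match


def bypassing(policy, network_list, destinations):
    """List the destinations that would leave the client outside the tunnel."""
    return [d for d in destinations if route_for(policy, network_list, d) == "bypass"]


if __name__ == "__main__":
    # Constructed sample data: two private subnets and four destinations.
    nets = parse_network_list(["10.1.0.0/16", "192.168.50.0/24"])
    dests = ["10.1.4.20", "192.168.50.7", "192.168.1.1", "203.0.113.10"]
    for policy in (EVERYTHING, IN_LIST, NOT_IN_LIST):
        print(policy, "->", bypassing(policy, nets, dests))
```

Under In List, every destination missing from the list bypasses the tunnel, so an incomplete list silently exposes traffic that was meant to be protected.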

 

 

 

 

 

 

 

 

 

 

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

OL-5532-02