Cisco Systems OL-5532-02 manual Defining Cisco IOS Software-Specific Parameters, SA Idle Timeout


Chapter 4 Remote Access VPN Services

Creating Remote Access VPN Policies

Defining Cisco IOS Software-Specific Parameters

In the Remote Access VPN Policy – Cisco IOS Editor page, you select the value for the SA idle timeout and enable Reverse Route Injection (RRI). It is recommended that you select both the RRI and RRI peer options. In remote access, RRI injects a host route into the routing table for the IP address that was allocated to the client out of the remote access address pool (the route entry uses that host address, a /32, as its destination). The result is a static route for the remote, protected host, so that traffic returning to the client is forwarded into its IPsec tunnel.

Perform the following steps if you are provisioning remote access on Cisco IOS devices in your network:

Step 1 The Remote Access VPN Policy – Cisco IOS Editor page appears as shown in Figure 4-17.

Figure 4-17 The Remote Access VPN Policy – Cisco IOS Editor Page

Step 2 Follow the instructions in Table 4-6 to set the Cisco IOS-specific parameters.

Table 4-6 Cisco IOS Editor Fields

Field Name               Type      Instructions
SA Idle Timeout Enabled  checkbox  Check to enable a security association (SA) idle timeout.
SA Idle Timeout          text box  To enable this option, you must first check SA Idle Timeout Enabled. You can then enter a timeout value, from 60 to 86,400 seconds, after which idle IPsec security associations are automatically deleted.
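The following Cisco IOS configuration is an added example and is not from the ISC manual: it shows the router-side commands that the two options described above map onto (a global IPsec SA idle timeout, and reverse-route under the dynamic crypto map that serves remote access clients). The pool, group, map, list and interface names, and the group password placeholder, are assumptions chosen for illustration; ISC generates its own names when it provisions the device.

```cisco
! Constructed example, not ISC-generated output. Names are placeholders.
! Address pool from which remote access clients receive their IP address.
ip local pool RA-POOL 10.10.10.1 10.10.10.254
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group RA-GROUP
 key <group-password>
 pool RA-POOL
!
! SA Idle Timeout: delete IPsec SAs that carry no traffic for 10 minutes.
! The accepted range is 60 to 86400 seconds.
crypto ipsec security-association idle-time 600
!
crypto ipsec transform-set RA-TS esp-aes esp-sha-hmac
!
! Dynamic map for clients; reverse-route injects a /32 static route for the
! pool address assigned to each connected client (Reverse Route Injection).
crypto dynamic-map RA-DYN 10
 set transform-set RA-TS
 reverse-route
!
crypto map RA-MAP client authentication list RA-XAUTH
crypto map RA-MAP isakmp authorization list RA-GROUPAUTH
crypto map RA-MAP client configuration address respond
crypto map RA-MAP 10 ipsec-isakmp dynamic RA-DYN
!
interface GigabitEthernet0/0
 crypto map RA-MAP
```

After a client connects and is assigned an address from RA-POOL, `show ip route static` lists that address as a host route (a /32 static entry pointing at the client's public peer address), and `show crypto ipsec sa` shows the SA that the idle timer will remove once the SA has been idle for the configured 600 seconds. Without reverse-route, the host route is absent and return traffic to the client follows the router's ordinary routing table instead of the tunnel.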

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2    4-16    OL-5532-02
