Cisco Systems OL-5532-02 manual Defining the VPN 3000 Access Hours


Chapter 4 Remote Access VPN Services

Creating Remote Access VPN Policies

Table 4-8 VPN 3000 Editor Fields (continued)

Field Name: Allow IPsec Through NAT
Type: checkbox
Instructions: The Allow IPsec through NAT option lets you use the Cisco VPN Client to connect to the VPN Concentrator via UDP through a firewall or router that is running NAT. Enabling this feature creates runtime filter rules that forward UDP traffic for the configured port even if other filter rules on the interface drop UDP traffic. These runtime rules exist only while there is an active IPsec through NAT session. The system passes inbound traffic to IPsec for decryption and unencapsulation, and then passes it on to the destination. The system passes outbound traffic to IPsec for encryption and encapsulation, applies a UDP header, and forwards it. Check to enable the IPsec client to operate through a firewall using NAT via UDP. Uncheck (disable) this option to prevent IPsec clients from operating through a firewall that is using NAT.

Field Name: IPsec Through NAT Port
Type: text box
Instructions: If you selected Allow IPsec Through NAT, enter the UDP port to be used for IPsec traffic, using any port from 4001 to 49151. The default is 10000.

Field Name: Allow Password Storage on Client
Type: checkbox
Instructions: Check to allow the IPsec client to store its password locally.

Field Name: Banner
Type: text box
Instructions: Enter the banner text to display for this group. The banner cannot exceed 512 characters.

Step 3 Click Next to continue to the VPN 3000 Access Hours page, as shown in Figure 4-20 in the “Defining the VPN 3000 Access Hours” section on page 4-20.
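The following Python model is an added example, not code from Cisco or from this guide. It encodes the limits Table 4-8 states for the IPsec Through NAT Port (4001 to 49151, default 10000) and the Banner (512 characters), and models the runtime filter rule the table describes: UDP traffic to the configured port is forwarded past the interface's own drop rules only while an IPsec through NAT session is active. The rule classes, the first-match evaluation order, the implicit drop of unmatched traffic, and the field names are assumptions made for the model; the guide only states the behaviour in prose.

```python
"""Model of the VPN 3000 group settings in Table 4-8 (added example, not Cisco code).

Validates the IPsec Through NAT Port and Banner limits the table states and models
the described runtime filter rule: UDP traffic to the configured port is forwarded
past static drop rules only while an IPsec-through-NAT session is active.
"""
from dataclasses import dataclass, field
from typing import Optional

# Limits taken from Table 4-8.
NAT_PORT_MIN = 4001
NAT_PORT_MAX = 49151
NAT_PORT_DEFAULT = 10000
BANNER_MAX_CHARS = 512


@dataclass
class GroupSettings:
    """The four Table 4-8 fields on this page, named after the GUI labels (assumed names)."""
    allow_ipsec_through_nat: bool = False
    ipsec_through_nat_port: int = NAT_PORT_DEFAULT
    allow_password_storage_on_client: bool = False
    banner: str = ""


def validate(settings: GroupSettings) -> list:
    """Return the list of field errors; an empty list means the settings are acceptable."""
    errors = []
    if settings.allow_ipsec_through_nat and not (
        NAT_PORT_MIN <= settings.ipsec_through_nat_port <= NAT_PORT_MAX
    ):
        errors.append(
            f"IPsec Through NAT Port {settings.ipsec_through_nat_port} is outside "
            f"{NAT_PORT_MIN}-{NAT_PORT_MAX}"
        )
    if len(settings.banner) > BANNER_MAX_CHARS:
        errors.append(f"Banner is {len(settings.banner)} characters, limit is {BANNER_MAX_CHARS}")
    return errors


@dataclass
class FilterRule:
    """A minimal interface filter rule (assumed shape); dst_port None matches any port."""
    action: str            # "forward" or "drop"
    proto: str             # "udp", "tcp", ...
    dst_port: Optional[int] = None


@dataclass
class Interface:
    static_rules: list = field(default_factory=list)
    active_nat_sessions: int = 0   # IPsec-through-NAT sessions currently up


def effective_rules(settings: GroupSettings, iface: Interface) -> list:
    """Static rules, preceded by the runtime forward rule while a NAT session is active.

    Placing the runtime rule first is an assumption of this model; the table only says
    the runtime rule forwards the port's UDP traffic despite other drop rules.
    """
    runtime = []
    if settings.allow_ipsec_through_nat and iface.active_nat_sessions > 0:
        runtime.append(FilterRule("forward", "udp", settings.ipsec_through_nat_port))
    return runtime + iface.static_rules


def decide(settings: GroupSettings, iface: Interface, proto: str, dst_port: int) -> str:
    """First-match evaluation; anything unmatched is dropped (assumed implicit deny)."""
    for rule in effective_rules(settings, iface):
        if rule.proto == proto and rule.dst_port in (None, dst_port):
            return rule.action
    return "drop"


# Constructed scenario: the interface's own filter drops all UDP.
DROP_ALL_UDP = [FilterRule("drop", "udp")]


def demo() -> dict:
    """Run the scenario the table describes and return each outcome by name."""
    group = GroupSettings(allow_ipsec_through_nat=True)   # port defaults to 10000
    idle = Interface(static_rules=list(DROP_ALL_UDP), active_nat_sessions=0)
    busy = Interface(static_rules=list(DROP_ALL_UDP), active_nat_sessions=1)
    return {
        "no_session": decide(group, idle, "udp", 10000),             # drop
        "active_session": decide(group, busy, "udp", 10000),         # forward
        "other_udp_port": decide(group, busy, "udp", 10001),         # drop
        "feature_disabled": decide(GroupSettings(), busy, "udp", 10000),  # drop
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:17s} -> {outcome}")
    print(validate(GroupSettings(allow_ipsec_through_nat=True, ipsec_through_nat_port=3000)))
```

The `demo()` scenario shows the point a reviewer of this setting cares about: once the option is checked and a client session is up, a static "drop all UDP" rule on the interface no longer blocks the configured port, so that port should be accounted for in the interface's filter review rather than assumed covered by the static rules.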

Defining the VPN 3000 Access Hours

For connections made through VPN 3000 devices in your network, you can control when a user has access to your private network through the remote access VPN.

Perform the following steps to restrict user access to specific hours during the day or night:

Step 1 The Remote Access VPN Policy – Access Hours page appears as shown in Figure 4-20.

Figure 4-20 The Remote Access VPN Policy – Access Hours Page

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2    4-20    OL-5532-02
