Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
Table B-26 Easy VPN Server > Tunnel Group Policy (PIX 7.0/ASA) Page > IPSec Tab (continued)
Element | Description
Authorization Settings |
Use Entire DN as the Username | Select to use the entire Distinguished Name (DN) as the identifier for the username. A distinguished name (DN) is a unique identification, made up of individual fields, that can be used as the identifier when matching users to a tunnel group. DN rules are used for enhanced certificate authentication on PIX Firewalls and ASA devices.
Specify Individual DN fields as the Username | Select to use individual DN fields as the username when matching users to the tunnel group. A DN certificate is made up of different field identifiers to match users to tunnel groups.
Primary DN field | Available if you selected to use individual DN fields as the username. Select from the list the primary DN field identifier to be used for identification.
Secondary DN field | Available if you selected to use individual DN fields as the username. Select the secondary DN field identifier to be used for identification. Select None if no secondary field identifier is required.
Save button | Saves your changes to the server but keeps them private. Note: To publish your changes, click the Submit button on the toolbar.
Close button | Closes the Site-to-Site VPN window.
Help button | Opens help for this tab.
Tunnel Group Policy > Advanced Tab
Use the Advanced tab of the PIX 7.0/ASA Tunnel Group Policy page to specify interface-specific information for your tunnel group.
User Guide for Cisco Security Manager 3.0.1 | B-80 | OL-8214-02