Chapter 21 Cisco IOS SSL VPN
Additional Help Topics
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
another reachable IP address if one is available. Either a digital certificate or a
self-signed certificate must be configured for gateways to use. All gateways on the
router can use the same certificate.
Although one gateway can serve multiple Cisco IOS SSL VPN contexts, resource
constraints and IP address reachability must be taken into account.
Cisco IOS SSL VPN Policies
Cisco IOS SSL VPN group policies allow you to accommodate the needs of
different groups of users. A group of engineers working remotely needs access to
different network resources than sales personnel working in the field. Business
partners and outside vendors must access the information they need to work with
your organization, but you must ensure that they do not have access to confidential
information or other resources they do not need. Creating a different policy for
each of these groups allows you to provide remote users with the resources they
need, and to prevent them from accessing other resources.
When you configure a group policy, resources such as URL lists, Port Forwarding
lists, and NetBIOS name server lists configured for the policy’s associated context
are available for selection.
If there is more than one group policy configured on the router, you must
configure the router to use a AAA server to authenticate users and to determine
which policy group a particular user belongs to. Click Learn More About Group
Policies for more information.
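The following sketch is an added illustration, not configuration taken from this guide or generated by Cisco SDM. It shows one context with two group policies, each limited to its own URL list, and a AAA method list for authentication. The gateway, context, policy, list and trustpoint names, the IP address and the URLs are constructed placeholders, and the RADIUS server definition is omitted.

```ios
! Added example: every name, address and URL here is a constructed placeholder.
aaa new-model
! Method list the context uses to authenticate users (RADIUS server
! definition omitted).
aaa authentication login sslvpn_auth group radius
!
webvpn gateway gateway_1
 ip address 192.0.2.1 port 443
 ! Placeholder trustpoint holding the gateway certificate.
 ssl trustpoint TP-example
 inservice
!
webvpn context example_context
 ! Resources are defined once in the context, then selected per policy.
 url-list "engineering"
   heading "Engineering"
   url-text "Build server" url-value "http://build.example.com"
 url-list "partners"
   heading "Partner resources"
   url-text "Partner portal" url-value "http://partners.example.com"
 !
 policy group engineers
   url-list "engineering"
 policy group partners
   url-list "partners"
 !
 ! The default policy applies when the AAA server names no policy group
 ! for the user, so it is set to the most restrictive policy.
 default-group-policy partners
 aaa authentication list sslvpn_auth
 gateway gateway_1
 inservice
```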
Example
In this example, a user clicks Create a new SSL VPN and uses the wizard to
create the first Cisco IOS SSL VPN configuration on the router. Completing this
wizard creates a new context, gateway, and group policy. The following table
contains the information the user enters in each wizard window, and the
configuration that Cisco SDM creates with that information.