Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505

69-8

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter69 General VPN Setup

Group Policies

Note If you do not select a protocol, an error message appears.

•Web ACL—(Clientless SSL VPN only) Choose an access control list (ACL) from the drop-down list

if you want to filter traffic. Click Manage next to the list if you want to view, modify, add, or remove

ACLs before making a selection.

•Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access

Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the

ACL Manager, see the online Help for that dialog box.

•IPv4Filter—(Network (Client) Access only) Specifies which access control list to use for an IPv4

connection, or whether to inherit the value from the group policy. Filters consist of rules that

determine whether to allow or reject tunneled data packets coming through the ASA, based on

criteria such as source address, destination address, and protocol. To configure filters and rules, see

the ACL Manager dialog box.

•Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access

Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the

ACL Manager, see the online Help for that dialog box.

•IPv6Filter—(Network (Client) Access only) Specifies which access control list to use for an IPv6

connection, or whether to inherit the value from the group policy. Filters consist of rules that

determine whether to allow or reject tunneled data packets coming through the ASA, based on

criteria such as source address, destination address, and protocol. To configure filters and rules, see

the ACL Manager dialog box.

•Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access

Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the

ACL Manager, see the online Help for that dialog box.

•NAC Policy—Selects the name of a Network Admission Control policy to apply to this group policy.

You can assign an optional NAC policy to each group policy. The default value is --None--.

•Manage—Opens the Configure NAC Policy dialog box. After configuring one or more NAC

policies, the NAC policy names appear as options in the drop-down list next to the NAC Policy

attribute.

•Access Hours—Selects the name of an existing access hours policy, if any, applied to this user or

create a new access hours policy. The default value is Inherit, or, if the Inherit check box is not

checked, the default value is --Unrestricted--.

•Manage—Opens the Browse Time Range dialog box, in which you can add, edit, or delete a time

range.

•Simultaneous Logins—Specifies the maximum number of simultaneous logins allowed for this user.

The default value is 3. The minimum value is 0, which disables login and prevents user access.

Note While there is no maximum limit, allowing several simultaneous connections might

compromise security and affect performance.

•Restrict Access to VLAN—(Optional) Also called “VLAN mapping,” this parameter specifies the

egress VLAN interface for sessions to which this group policy applies. The ASA forwards all traffic

on this group to the selected VLAN. Use this attribute to assign a VLAN to the group policy to

simplify access control. Assigning a value to this attribute is an alternative to using ACLs to filter

traffic on a session. In addition to the default value (Unrestricted), the drop-down list shows only

the VLANs that are configured on this ASA.

Cisco Systems - page 1510

Models: ASA 5510 ASA 5512-X ASA 5515-X ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X ASA 5580 ASA 5585-X ASA 5505