Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Easy VPN Remote

69-114

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter69 General VPN Setup

Easy VPN Remote

Fields

•Server IP address—Type the IP address of the Integrity Server. Use dotted decimal notation.

•Add—Adds a new server IP address to the list of Integrity Servers. This button is active when an

address is entered in the Server IP address field.

•Delete—Deletes the selected server from the list of Integrity Servers.

•Move Up—Moves the selected server up in the list of Integrity Servers. This button is available only

when there is more than one server in the list.

•Move Down—Moves the selected server down in the list of Integrity Servers. This button is

available only when there is more than one server in the list.

•Server Port—Type the ASA port number on which it listens to the active Integrity server. This field

is available only if there is at least one server in the list of Integrity Servers. The default port number

is 5054, and it can range from 10 to 10000. This field is only available when there is a server in the

Integrity Server list.

•Interface—Choose the interface ASA interface on which it communicates with the active Integrity

Server. This interface name menu is only available when there is a server in the Integrity Server list.

•Fail Timeout—Type the number of seconds that the ASA should wait before it declares the active

Integrity Server to be unreachable. The default is 10 and the range is from 5 to 20.

•SSL Certificate Port: Specify the ASA port to be used for SSL Authorization. The default is port 80.

•Enable SSL Authentication—Check to enable authentication of the remote client SSL certificate by

the ASA. By default, client SSL authentication is disabled.

•Close connection on timeout—Check to close the connection between the ASA and the Integrity

Server on a timeout. By default, the connection remains open.

•Apply—Click to apply the Integrity Server setting to the ASA running configuration.

•Reset—Click to remove Integrity Server configuration changes that have not yet been applied.

Modes

The following table shows the modes in which this feature is available:

Easy VPN Remote

Easy VPN Remote lets the ASA 5505 act as an Easy VPN client device. The ASA 5505 can then initiate

a VPN tunnel to an Easy VPN server, which can be an ASA, a Cisco VPN 3000 Concentrator, a Cisco

IOS-based router, or a firewall acting as an Easy VPN server.

The Easy VPN client supports one of two modes of operation: Client Mode or Network Extension Mode

(NEM). The mode of operation determines whether the Easy VPN Client inside hosts are accessible from

the Enterprise network over the tunnel. Specifying a mode of operation is mandatory before making a

connection because Easy VPN Client does not have a default mode.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

•—•——

Cisco Systems Easy VPN Remote