Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Advanced Easy VPN Properties
Send certificate chain—Enables sending a certificate chain, not just the certificate itself. This action includes the root certificate and any subordinate CA certificates in the transmission.
User Settings—Configures user login information.
User Name—Configures the VPN username for the Easy VPN Remote connection. Xauth provides the capability of authenticating a user within IKE using TACACS+ or RADIUS. Xauth authenticates a user (in this case, the Easy VPN hardware client) using RADIUS or any of the other supported user authentication protocols. The Xauth username and password parameters are used when secure unit authentication is disabled and the server requests Xauth credentials. If secure unit authentication is enabled, these parameters are ignored, and the ASA prompts the user for a username and password.
User Password—Configures the VPN user password for the Easy VPN Remote connection.
Confirm Password—Requires you to confirm the user password just entered.
Easy VPN Server To Be Added—Adds or removes an Easy VPN server. Any ASA or VPN 3000 Concentrator Series can act as an Easy VPN server. A server must be configured before a connection can be established. The ASA supports IPv4 addresses, the names database, or DNS names and resolves addresses in that order. The first server in the Easy VPN Server(s) list is the primary server. You can specify a maximum of ten backup servers in addition to the primary server.
Name or IP Address—The name or IP address of an Easy VPN server to add to the list.
Add—Moves the specified server to the Easy VPN Server(s) list.
Remove—Moves the selected server from the Easy VPN Server(s) list to the Name or IP Address field. Once you do this, however, you cannot re-add the same address unless you re-enter the address in the Name or IP Address field.
Easy VPN Server(s)—Lists the configured Easy VPN servers in priority order.
Move Up/Move Down—Changes the position of a server in the Easy VPN Server(s) list. These buttons are available only when there is more than one server in the list.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed, Transparent
Security Context: Single; Multiple (Context, System)
——
Advanced Easy VPN Properties
Device Pass-Through
Certain devices, such as Cisco IP phones and printers, are incapable of performing authentication and therefore cannot participate in individual unit authentication. To accommodate these devices, the device pass-through feature, enabled by the MAC Exemption attributes, exempts devices with the specified MAC addresses from authentication when Individual User Authentication is enabled.
The first 24 bits of the MAC address indicate the manufacturer of the piece of equipment. The last 24 bits are the unit’s serial number in hexadecimal format.
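The manufacturer/serial split described under Device Pass-Through determines how many devices one exemption covers. The following added example (not part of the Cisco guide) audits exemption entries for breadth; it assumes each entry is an address plus a bit mask, and the function names and sample values are constructed for illustration.

```python
# Added example: audit MAC exemption entries by the number of addresses they cover.
# Assumption: each entry is an address plus a bit mask; sample values are constructed.
FULL = 0xFFFFFFFFFFFF  # 48-bit MAC address space

def parse_mac(text):
    """Parse xxxx.xxxx.xxxx, xx:xx:... or xx-xx-... notation into a 48-bit integer."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)

def is_exempt(device, mac, mask):
    """True when the device matches the entry on every bit the mask selects."""
    m = parse_mac(mask)
    return (parse_mac(device) & m) == (parse_mac(mac) & m)

def audit_entry(mac, mask):
    """Report the manufacturer prefix, unit serial, and scope of one entry."""
    mac_v, mask_v = parse_mac(mac), parse_mac(mask)
    wildcard = ~mask_v & FULL          # bits the entry leaves unchecked
    if wildcard & (wildcard + 1):      # unchecked bits must be one low-order run
        raise ValueError(f"non-contiguous mask: {mask!r}")
    covered = wildcard + 1             # addresses that skip authentication
    if covered == 1:
        scope = "single device"
    elif covered < 1 << 24:
        scope = "part of one manufacturer's range"
    elif covered == 1 << 24:
        scope = "every unit from one manufacturer"
    else:
        scope = "spans multiple manufacturer prefixes"
    return {"manufacturer": f"{mac_v >> 24:06x}",   # first 24 bits
            "serial": f"{mac_v & 0xFFFFFF:06x}",    # last 24 bits
            "covered": covered, "scope": scope}

if __name__ == "__main__":
    # Constructed sample entries, from narrowest to broadest.
    entries = [("0045.abcd.1234", "ffff.ffff.ffff"),
               ("0045.abcd.1234", "ffff.ff00.0000"),
               ("0045.abcd.1234", "ffff.0000.0000")]
    for mac, mask in entries:
        print(mac, mask, audit_entry(mac, mask))
```

Entries whose scope is wider than a single device are the ones to review first, since every address they cover skips Individual User Authentication.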