27-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter2 7 Easy VPN
Configuring Client Connection Characteristics for Easy VPN
Configuring Credentials Policy Objects
Use the Credentials dialog box to create, copy and edit Credential objects.
Credential objects are used in Easy VPN configuration during IKE Extended Authentication (Xauth)
when authenticating user access to the network and network services. When negotiating tunnel
parameters for establishing IPsec tunnels in an Easy VPN configuration, Xauth identifies the user who
requests the IPsec connection. If the VPN server is configured for Xauth, the client waits for a
“username/password” challenge after the IKE SA has been established. When the end user responds to
the challenge, the response is forwarded to the IPsec peers for an additional level of authentication. You
can save the Xauth credentials (username and password) on the device itself so you do not need to enter
them manually each time the Easy VPN tunnel is established.
Navigation Path
Select Manage > Policy Objects, then select Credentials from the Object Type Selector. Right-click
inside the work area and select New Object or right-click a row and select Edit Object.
Related Topics
Easy VPN and IKE Extended Authentication (Xauth), page 27-4
Configuring Client Connection Characteristics for Easy VPN, page27-7
Policy Object Manager, page 6-4
Field Reference
User Authentication Method
(IOS)
Available only if you selected the Interactive Entered Credentials
option for the Xauth credentials source. The option applies to remote
IOS routers only.
Select one of these ways to enter the Xauth username and password
interactively each time Xauth authentication is requested:
Web Browser (default)—Manually in a web browser window.
Router Console—Manually from the router’s command line.
Table27-1 Easy VPN Client Connection Characteristics Page (Continued)
Element Description
Table27-2 Credentials Dialog Box
Element Description
Name The object name, which can be up to 128 characters. Object names are
not case-sensitive. For more information, see Creating Policy Objects,
page 6-9.
Description An optional description of the object (up to 1024 characters).
Username The name that will be used to identify the user during Xauth
authentication.
Password
Confirm
The password for the user, entered in both fields. The password must be
alphanumeric and a maximum of 128 characters. Spaces are not
allowed.