User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 27 Easy VPN
On the PIX7.0+/ASA Connection Profiles page, you can configure connection profiles on your Easy VPN server.
Related Topics
Creating or Editing VPN Topologies, page 24-28
Understanding IPsec Technologies and Policies, page 24-5
Understanding Easy VPN, page 27-1
Step 1 Do one of the following:
• (Site-to-Site VPN Manager Window, page 24-18) Select an Easy VPN topology in the VPNs
selector, then select Connection Profiles (PIX 7.0/ASA) in the Policies selector.
• (Policy view) Select Site-to-Site VPN > Connection Profiles (PIX 7.0/ASA) from the Policy Types
selector. Select an existing shared policy or create a new one.
For information on the policy, see Connection Profiles Page, page 30-8.
Step 2 On the General tab, specify the connection profile name and group policies and select which method (or
methods) of address assignment to use. For a description of the available properties, see General Tab
(Connection Profiles), page 30-9.
Step 3 Click the AAA tab and specify the AAA authentication parameters for the connection profile. For a
description of the elements on the tab, see AAA Tab (Connection Profiles), page 30-11.
Step 4 Click the IPsec tab and specify IPsec and IKE parameters for the connection profile. For a description
of the elements on the tab, see IPSec Tab (Connection Profiles), page 30-16.
Configuring a User Group Policy for Easy VPN
Use the User Group Policy page to create or edit a user group policy on your Easy VPN server. When
you configure an Easy VPN server, you create a user group to which remote clients belong. An Easy
VPN user group policy can be configured on a Cisco IOS security router, PIX 6.3 Firewall, or Catalyst
6500/7600 device. You can unassign the user group policy if none of the Easy VPN servers are IOS
routers, Catalyst 6500/7600 devices, or PIX 6.3 firewalls.
Remote clients must have the same group name as the user group configured on the server in order to
connect to the device; otherwise, no connection is established. When the remote client establishes a
successful connection to the VPN server, the group policies for that particular user group are pushed to
all clients belonging to the user group.
Select the user group policy object that you want to use in the policy from the Available User Groups
list. You can create a new user group object by clicking the Create (+) button, or edit an existing group
by selecting it and clicking the Edit (pencil icon) button. For information about configuring the user
group object, see Add or Edit User Group Dialog Box, page 33-58.
Navigation Path
• (Site-to-Site VPN Manager Window, page 24-18) Select an Easy VPN topology in the VPNs
selector, then select User Group Policy in the Policies selector.
• (Policy view) Select Site-to-Site VPN > User Group Policy from the Policy Types selector. Select
an existing shared policy or create a new one.