29-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter29 Managing Remote Access VPNs: The Basics
Overview of Remote Access VPN Policies
Tip Some device models have NO-VPN versions, which do not support VPN configuration. Thus, although
the 3845 model might be supported for a type of VPN, the 3845 NOVPN model is not supported. In
addition, the Cisco Catalyst 6500 series ASA Services Module (running software release 8.5(x)) does
not support any type of VPN.
Related Topics
Understanding Remote Access IPSec VPNs, page 29-2
Understanding Remote Access SSL VPNs, page 29-2
Using the Remote Access VPN Configuration Wizard, page29-13
Overview of Remote Access VPN Policies for ASA and PIX 7.0+ Devices, page 30-2
Overview of Remote Access VPN Policies for IOS and PIX 6.3 Devices, page 32-2
Overview of Remote Access VPN Policies
The following list summarizes the various policies used in remote access VPN configuration based on
the technology used in the VPN. Possible remote access VPN types are: IKE version 1 (IKEv1) IPsec,
IKE version 2 (IKEv2) IPsec, and SSL. Where indicated, many of these policies apply to specific device
types only. To see an edited version of this list per device type, see the following topics:
Overview of Remote Access VPN Policies for ASA and PIX 7.0+ Devices, page 30-2
Overview of Remote Access VPN Policies for IOS and PIX 6.3 Devices, page 32-2
Table29-1 Devices Supported by Each Remote Access Technology
Technology Supported Platforms
IKE version 1 IPsec ASA/PIX 7.0+—ASA 5500 series and PIX 515, 515E, 525, or 535
with PIX Software 7.0+ (including 8.0+), running in single context
and router modes.
IOS/PIX 6.3—Cisco IOS security routers (including Aggregation
Service Routers, or ASRs), Catalyst 6500/7600, and PIX Firewalls
running PIX Software 6.3 only.
IKE version 2 IPsec ASA 5500 series only, running ASA Software 8.4(x) only.
SSL ASA—ASA 5500 series devices running software version 8.0 and
later, running in single-context and router modes.
IOS—Cisco 870, 880, 890, 1800, 2800, 3700, 3800, 7200, and
7301 Series routers running software version 12.4(6)T and later,
and on Cisco 1900, 2900, and 3900 Series routers running software
version 15.0(1)M and later. For the 880 Series routers, the
minimum software version is 12.4(15)XZ, which is mapped to
12.4(20)T in Security Manager.
Tip No version of PIX is supported for SSL VPN configuration.