29-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Creating User Groups with the Create Group Policy Wizard
When you are using the Remote Access SSL VPN Configuration wizard to create an SSL VPN on ASA
or IOS devices, you can create new ASA group policy or IOS user group objects using a wizard. The
wizard lets you configure select elements of the group, so you might need to edit the object after creating
it to configure additional settings.
The Create Group Policy wizard is available only through the Remote Access SSL VPN Configuration
wizard. For an explanation of how to start and use the wizard, see the following topics:
The following procedure assumes that you are already in the Remote Access SSL VPN Configuration
wizard, as described in the following topics:
Creating SSL VPNs Using the Remote Access VPN Configuration Wizard (ASA Devices),
page 29-14
Creating SSL VPNs Using the Remote Access VPN Configuration Wizard (IOS Devices),
page 29-31
Related Topics
SSL VPN Access Modes, page 29-4
Step 1 When using the Remote Access VPN Configuration wizard for SSL VPNs, proceed to the page where
you select group policies. On this page, you can open the selection page for user groups by doing the
following:
ASA devices—On the Connection Profile page of the wizard, click Select next to the Group Policy
field, or click Edit next to the Group Policies table.
IOS devices—On the Gateway and Context page of the wizard, click Edit next to the Group Policies
table.
Step 2 In the Group Policy Selector dialog box, click the Create (+) button below the list of available group
policies to start the Create Group Policy wizard. The wizard starts at the Group Policy page.
You can also do the following on the Group Policy Selector:
Select existing groups and click >> to use them in the SSL VPN. When selecting a group for the
default group on an ASA (the Group Policy field), you select the object simply by clicking it in the
list.
Select an existing group and click Edit (pencil) to change its properties.
Step 3 On the Group Policy page, configure the following options:
Name—The name of the user group. Enter up to 128 characters, including uppercase and lowercase
characters and most alphanumeric or symbol characters.
Access Method—Select the required remote access method options, as follows:
Full Tunnel—To access to the corporate network completely over an SSL VPN tunnel. This is
the recommended option.
Clientless—To access the internal or corporate network using a web browser on the client
machine.
Thin Client—To download a Java applet that acts as a TCP proxy on the client machine.
Step 4 Click Next. The page that opens next depends on which access methods you selected. This procedure
assumes that you selected all methods, in which case the Full Client page opens.