29-24
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Creating IPSec VPNs Using the Remote Access VPN Configuration Wizard (ASA and PIX 7.0+ Devices)
This procedure describes how to create IPSec VPNs on ASA or PIX 7.0+ devices using the Remote
Access VPN Configuration Wizard.
Tip: The wizard allows you to select shared policies to use in the VPN on the Defaults page (the final step of
the wizard). If you want to use this feature, you must first ensure that all required shared policies are
configured and submitted to the database. For information on configuring shared policies and VPN
policy defaults, see Understanding and Configuring VPN Default Policies, page 24-12.
Related Topics
Understanding Remote Access IPSec VPNs, page 29-2
Understanding Devices Supported by Each Remote Access VPN Technology, page 29-8
Step 1 In Device view, select the desired ASA or PIX 7.0+ device.
Step 2 From the Policy selector, select Remote Access VPN > Configuration Wizard.
Step 3 Select the Remote Access IPSec VPN radio button.
Step 4 Click Remote Access Configuration Wizard. The Connection Profile page opens. For a description of
the options that appear on this page, see Remote Access VPN Configuration Wizard—IPSec VPN
Connection Profile Page (ASA), page 29-27.
Step 5 On the Connection Profile page, configure these basic options:
  • Connection Profile name—Enter the name of the connection profile. This is the name of the tunnel
    group, and will appear in the Remote Access VPN > Connection Profiles policy. For more
    information about the connection profile policy, see Configuring Connection Profiles (ASA, PIX
    7.0+), page 30-6.
  • IKE Versions—Select the IKE versions to use during IKE negotiations between the VPN server and
    the remote users: version 1, 2, or both. IKEv2 is supported on ASA Software release 8.4(1)+ only.
Step 6 On the Connection Profile page, configure these options that will later appear in the General tab of the
connection profile (see General Tab (Connection Profiles), page 30-9):
  • Group Policy—Enter the name of the ASA Group Policy policy object that will be the default group
    for the connection profile, or click Select to select the object. If the required object does not yet
    exist, click Select, then click the Create (+) button in the ASA User Groups Selector dialog box to
    open the dialog boxes that are used to create these objects.
    When creating a new group policy object, you must select the same IKE versions that you select in
    the Connection Profile page of the wizard. These options are on the Technology page of the Add
    ASA Group Policies dialog box: Easy VPN/IPSec IKEv1 and Easy VPN/IPSec IKEv2.
    For more information about ASA Group Policies objects, see ASA Group Policies Dialog Box,
    page 33-1.
  • Global IP Address Pool—Enter the address pools from which IP addresses are assigned. The server
    uses these address pools in the order listed. If all addresses in the first pool have been assigned, it
    uses the next pool, and so on. You can specify up to 6 pools.
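
Added example (not part of the Cisco guide or of Security Manager): a small Python check that reads a deployed ASA configuration and reports a connection profile whose default group policy does not enable the IKE versions chosen in Step 5, or that lists more than 6 address pools. It assumes the ASA 8.4+ CLI forms tunnel-group ... general-attributes, address-pool, default-group-policy and vpn-tunnel-protocol ikev1/ikev2; the profile, policy and pool names and the sample configuration are constructed.

```python
# Constructed sample of ASA running-config lines (not from the guide).
SAMPLE_CONFIG = """\
ip local pool RA_POOL_1 10.10.1.1-10.10.1.254 mask 255.255.255.0
ip local pool RA_POOL_2 10.10.2.1-10.10.2.254 mask 255.255.255.0
group-policy RA_GP internal
group-policy RA_GP attributes
 vpn-tunnel-protocol ikev1
tunnel-group RA_PROFILE type remote-access
tunnel-group RA_PROFILE general-attributes
 address-pool RA_POOL_1 RA_POOL_2
 default-group-policy RA_GP
"""
MAX_POOLS = 6  # limit the guide states for Global IP Address Pool


def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        elif not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
    return sections


def audit_profile(config, profile, wizard_ike_versions):
    """Return findings for one connection profile (tunnel group)."""
    sections = parse_sections(config)
    pools, policy, findings = [], None, []
    for line in sections.get(f"tunnel-group {profile} general-attributes", []):
        words = line.split()
        if words[0] == "address-pool":
            pools += words[1:]
        elif words[0] == "default-group-policy" and len(words) > 1:
            policy = words[1]
    if len(pools) > MAX_POOLS:
        findings.append(f"{len(pools)} address pools (maximum {MAX_POOLS})")
    # Assumption: the group policy's vpn-tunnel-protocol line carries the IKE versions.
    enabled = set()
    for line in sections.get(f"group-policy {policy} attributes", []):
        words = line.split()
        if words[0] == "vpn-tunnel-protocol":
            enabled.update(words[1:])
    for version in sorted(set(wizard_ike_versions) - enabled):
        findings.append(f"group policy {policy} does not enable {version}")
    return findings
```

Calling audit_profile(SAMPLE_CONFIG, "RA_PROFILE", {"ikev1", "ikev2"}) on the sample reports that group policy RA_GP does not enable ikev2, which is the mismatch Step 6 warns about.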