30-40
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with SSL and IKEv2 IPSec VPN Policies

Access Interface Configuration Dialog Box

Use the Access Interface Configuration dialog box to configure an interface on an ASA device for remote access SSL or IKEv2 IPSec VPN connections.

Navigation Path

Open the SSL VPN Access policy (see SSL VPN Access Policy Page, page 30-37), then click Add Row below the interface table, or select a row in the table and click Edit Row.

Related Topics

- Configuring an Access Policy, page 30-40
- Understanding Interface Role Objects, page 6-67

Field Reference

Table 30-17 Access Interface Configuration Dialog Box

| Element | Description |
|---|---|
| Access Interface | The interface or interface role object on which you want to configure SSL or IKEv2 IPSec VPN access. Enter the name of the interface or interface role, or click Select to select one from a list or to create new interface role objects. |
| Trustpoint / Load Balancing Trustpoint | The trustpoint (Certificate Authority, or CA server) to use for authenticating users on the interface. Enter the name of a PKI enrollment object, or click Select to select one or to create a new object. If load balancing is configured, you can also select a separate PKI enrollment object for the load balancing trustpoint. |
| Allow Access | Select this option to enable VPN access via this interface. If the option is not selected, access is configured on the interface, but it is disabled. |
| Enable DTLS | When selected, enables Datagram Transport Layer Security (DTLS) on the interface and allows an AnyConnect VPN Client to establish an SSL VPN connection using two simultaneous tunnels: an SSL tunnel and a DTLS tunnel. |
| Check Client Certificate | When selected, a valid digital certificate is required from the client for connection. |

Configuring an Access Policy

This procedure describes how to configure an Access policy on an ASA device. Access policies are required for remote access SSL and IKEv2 IPSec VPN connections. For more information about access policies, see Understanding SSL VPN Access Policies (ASA), page 30-36.

Step 1 Do one of the following:

- (Device view) With an ASA device selected, select Remote Access VPN > SSL VPN > Access from the Policy selector.
- (Policy view) Select Remote Access VPN > SSL VPN > Access (ASA) from the Policy Type selector. Select an existing policy or create a new one.