32-6
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 32 Managing Remote Access VPNs on IOS and PIX 6.3 Devices
Configuring an IPsec Proposal on a Remote Access VPN Server (IOS, PIX 6.3 Devices)
VPNSM/VPN SPA/VSPA Settings Dialog Box
Note This dialog box is available only if the selected device is a Catalyst 6500/7600.
Use the VPNSM/VPN SPA/VSPA Settings dialog box to specify the settings for configuring a VPN
Services Module (VPNSM), a VPN Shared Port Adapter (VPN SPA), or a Cisco VPN Service Port
Adapters (VSPAs) on a Catalyst 6500/7600 device.
Notes
Before you define the settings, you must import your Catalyst 6500/7600 device to the Security
Manager inventory and discover its interfaces. For more information, see Configuring VPNSM or
VPN SPA/VSPA Endpoint Settings, page 24-41.
Before you configure VPNSM or VPN SPA with VRF-Aware IPsec on a device, verify that an IPsec
proposal with VRF-Aware IPsec and an IPsec proposal without VRF-Aware IPsec were not
configured on the device.
Navigation Path
In the General tab of the IPsec Proposal Editor Dialog Box (for Catalyst 6500/7600 Devices), click
Select next to the Inside VLAN field. For more information about opening the IPsec Proposal Editor, see
IPsec Proposal Editor (IOS, PIX 6.3 Devices), page 32-4.
Related Topics
Creating Interface Role Objects, page 6-68
Field Reference
User Authentication
(Xauth)/AAA Authentication
Method
The AAA or Xauth user authentication method that defines the order in
which user accounts are searched.
Xauth allows all Cisco IOS software AAA authentication methods to
perform user authentication in a separate phase after the IKE
authentication phase 1 exchange.
Click Select to open a dialog box that lists all available AAA group
servers, and in which you can create AAA group server objects. Select
all that apply and use the up and down arrow buttons to put them in
priority order.
Table32-1 IPsec Proposal Editor, General Tab, IOS and PIX 6.3 Devices (Continued)
Element Description
Table32-2 VPNSM/VPN SPA/VSPA Settings Dialog Box
Element Description
Inside VLAN The inside VLAN that serves as the inside interface to the VPNSM,
VPN SPA, or VSPA, and to which the required crypto maps will be
applied. Enter the VLAN ID or click Select to select it or to create a
new interface role object to identify the VLAN.