User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
ASA Group Policies Dialog Box
ASA Group Policies Connection Settings
Use the Connection Settings to configure the connection characteristics for the ASA group policy,
including access control and session timeouts. These settings are used for Easy VPN and remote access
IPsec or SSL VPN sessions.
Navigation Path
Select Connection Settings from the table of contents in the ASA Group Policies Dialog Box,
page 33-1.
Field Reference
Table 33-13 ASA Group Policies Split Tunneling Settings (Continued)
Element         Description
Tunnel Option   The policy you want to enable for split tunneling:
                - Disabled—(Default) No traffic goes in the clear or to any
                  destination other than the security appliance. Remote users
                  reach networks through the corporate network and do not have
                  access to local networks.
                - Tunnel Specified Traffic—Tunnel all traffic from or to the
                  networks permitted in the network ACL. Traffic to all other
                  addresses travels in the clear and is routed by the remote
                  user’s Internet service provider.
                - Exclude Specified Traffic—Traffic goes in the clear from and
                  to the networks permitted in the network ACL. This is useful
                  for remote users who want to access devices on their local
                  network, such as printers, while they are connected to the
                  corporate network through a tunnel. This option applies only
                  to the Cisco VPN Client.
Networks        The name of a standard access control list policy object that
                identifies the networks that require traffic to travel across
                the tunnel and those that do not require tunneling. How permit
                and deny are interpreted depends on your selection for Tunnel
                Option.
                Enter the name of the object, or click Select to select it from
                a list or to create a new object. If you do not specify an ACL,
                the network list is inherited from the default group policy.
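A small Python model of how the Tunnel Option and the Networks ACL described above combine to decide which destinations are tunneled and which travel in the clear. It is an added example, not Cisco code: the function names, sample ACLs and addresses are constructed, and first-match evaluation with an implicit deny is an assumption about how the standard ACL is read.

```python
import ipaddress

# Tunnel Option values as named in the table above.
DISABLED = "Disabled"
TUNNEL_SPECIFIED = "Tunnel Specified Traffic"
EXCLUDE_SPECIFIED = "Exclude Specified Traffic"


def acl_permits(acl, dest):
    """First matching entry wins; no match means deny (assumed ACL behaviour)."""
    addr = ipaddress.ip_address(dest)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action == "permit"
    return False


def path_for(dest, tunnel_option, acl=None, default_acl=None):
    """Return "tunnel" or "clear" for traffic to dest under a group policy."""
    if tunnel_option == DISABLED:
        return "tunnel"  # nothing leaves in the clear
    # No ACL on this policy: the list is inherited from the default group policy.
    effective = acl if acl is not None else default_acl
    if effective is None:
        # Modelling choice: refuse to guess when no network list exists anywhere.
        raise ValueError("no network list on this or the default group policy")
    permitted = acl_permits(effective, dest)
    if tunnel_option == TUNNEL_SPECIFIED:
        return "tunnel" if permitted else "clear"
    if tunnel_option == EXCLUDE_SPECIFIED:
        return "clear" if permitted else "tunnel"
    raise ValueError(f"unknown tunnel option: {tunnel_option!r}")


def review(tunnel_option, acl, destinations):
    """Map each destination to its path, showing what bypasses the tunnel."""
    return {d: path_for(d, tunnel_option, acl) for d in destinations}


# Constructed sample data: a corporate range and a home printer subnet.
CORP_ACL = [("permit", "10.0.0.0/8")]
LOCAL_LAN_ACL = [("permit", "192.168.1.0/24")]
SAMPLE_DESTS = ["10.20.30.40", "192.168.1.50", "203.0.113.10"]

if __name__ == "__main__":
    for option, acl in [(DISABLED, None), (TUNNEL_SPECIFIED, CORP_ACL),
                        (EXCLUDE_SPECIFIED, LOCAL_LAN_ACL)]:
        print(option, review(option, acl, SAMPLE_DESTS))
```

The same permit entry means "send through the tunnel" under Tunnel Specified Traffic and "send in the clear" under Exclude Specified Traffic, so changing the Tunnel Option without reviewing the ACL inverts which traffic bypasses the tunnel.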
Table 33-14 ASA Group Policies Connection Settings
Element         Description
Filter ACL      The name of the extended access control list (ACL) policy
                object to use for filtering traffic on the VPN connection. The
                ACL determines which traffic is permitted or denied. Enter the
                name of the object or click Select to select it from a list or
                to create a new object.
                This ACL does not apply to clientless SSL VPN connections.
Banner Text     The banner, or welcome text, to display on remote clients when
                they connect to the VPN. You can enter up to 500 characters.