33-64
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
Add or Edit User Group Dialog Box
Table 33-47 User Group Dialog Box—Client Settings (IOS) (Continued)

Element: Policy Type
Description: Specifies the CPP firewall policy type:
- Check Presence—Instructs the server to check for the presence of the specified firewall type.
- Central Policy Push—The actual policy, such as the input and output access lists, that must be applied by the specified client firewall type. Specify the following:
  - The access control list to be used. Enter the name of the extended ACL object or click Select to select it from a list or to create a new object.
  - The direction of the access control list—Inbound or Outbound.

Element: Include Local LAN
Description: Whether to allow a non split-tunneling connection to access the local LAN at the same time as the client.

Element: Perfect Forward Secrecy
Description: Whether to enable Perfect Forward Secrecy (PFS). If PFS is enabled, the server is configured to notify the client of the central-site policy about whether PFS is required for any IPsec SA. The Diffie-Hellman (D-H) group that is proposed for PFS is the same that was negotiated in Phase 1 of the IKE negotiation.

User Group Dialog Box—IOS Xauth Options

IOS Xauth options configure IKE Extended Authentication (Xauth) user authentication and connection parameters for the user group, including the banner text.

Note: These settings apply in Easy VPN and remote access VPN configurations.

Navigation Path

Select Xauth Options (IOS) from the table of contents in the Add or Edit User Group Dialog Box, page 33-58.

Field Reference

Table 33-48 User Group Dialog Box—IOS Xauth Options

Element: Banner
Description: The banner text that is displayed to Easy VPN remote clients during Xauth and web-based activation the first time the Easy VPN tunnel is brought up. A maximum of 1024 characters is allowed.

Element: Maximum Logins Per User
Description: The maximum number of connections a user can establish simultaneously. The maximum is 10.

Element: Maximum Connections
Description: The maximum number of client connections to the Easy VPN Server from this group. The maximum is 5000 per group.