33-65
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter33 Configuring Policy Objects for Remote Access VPNs
Add or Edit User Group Dialog Box
User Group Dialog Box—IOS Client VPN Software Update
Client VPN Software Update (IOS) settings configure, for an IOS VPN client, the platform type, VPN
Client revisions, and image URL for each client VPN software package installed, for your user group.
The Client Update feature is supported on IOS routers version 12.4(2)T and later, and Catalyst
6500/7600 devices version 12.2(33)SRA and later.
To add a client, click the Add Row button to open the Add/Edit Client Update Dialog Box,
page 33-65.
To edit a client, select it and click the Edit Row button.
To delete a client, select it and click the Delete Row button.
Note These settings apply in Easy VPN and remote access VPN configurations.
Navigation Path
Select Client VPN Software Update (IOS) from the table of contents in the Add or Edit User Group
Dialog Box, page 33-58.

Add/Edit Client Update Dialog Box

Use the Add or Edit Client Update dialog box to configure the platform type, image URL, and VPN
Client revisions for a client VPN software package.
Enable Group-Lock Whether to enable group lock, which requires that the user enter the
extended Xauth username in one of the following formats:
username/groupname
username\groupname
username@groupname
username%groupname
The group that is specified after the delimiter is then compared to the
group identifier that is sent during IKE aggressive mode. The groups
must match or the connection is rejected.
Note Do not select this option if you are using RSA signature
authentication mechanisms such as certificates.
Enable Save Password Whether to allow users to save their Xauth password locally on the
client. On subsequent authentications, users can activate the password
by using the check box on the software client or by adding the username
and password to the Cisco IOS hardware client profile. After users
activate the password, their username and password are sent to the
server automatically during Xauth.
This option is useful only if users have static passwords, that is, they
are not one-time passwords such as those that are generated by a token.
Table33-48 User Group Dialog Box—IOS Xauth Options (Continued)
Element Description