VPN
Configuring SSL VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 376
8
Importing Certificates for User Authentication
The SSL VPN gateway holds a CA certificate that is presented to the SSL VPN
clients when they first connect to the gateway. The purpose of this
certificate is to authenticate the server. You can use the default certificate or an
imported certificate for authentication. For information on importing the
certificates, see Managing Certificates for Authentication, page 418.
Configuring SSL VPN Users
ISA550 and ISA550W support 25 SSL VPN users. ISA570 and ISA570W support
50 SSL VPN users. To configure the users and user groups for SSL VPN access,
go to the Users > Users and Groups page.
You can assign all SSL VPN users to one user group. However, if you have multiple
SSL VPN group policies, you can create multiple user groups and specify different
SSL VPN group policies for them. Specifying an SSL VPN group policy for a user
group can enable the SSL VPN service for all members of the user group. For
complete details, see Configuring Users and User Groups, page 389.
According to the user authentication settings specified on the security appliance,
the SSL VPN users can be authenticated by the local database or an external AAA
server (such as Active Directory, LDAP, or RADIUS). For information on configuring
the user authentication settings, see Configuring User Authentication Settings,
page 393.
Configuring SSL VPN Gateway
Use the SSL VPN Configuration page to enable the SSL VPN feature and configure
the SSL VPN gateway settings.
STEP 1 Click VPN > SSL Remote User Access > SSL VPN Configuration.
The SSL VPN Configuration window opens.
STEP 2 Click On to enable the SSL VPN feature and set the security appliance as an
SSL VPN server, or click Off to disable it.
STEP 3 In the Mandatory Gateway area, enter the following information:
Gateway Interface: Choose the WAN port that traffic passes through over
the SSL VPN tunnels.