Cisco Systems ISA550 Configuring WAN Settings, Configuring Operation Mode

Configuration Wizards

Using the Remote Access VPN Wizard

Cisco ISA500 Series Integrated Security Appliances Administration Guide 56

NOTE: You must have valid CA certificates imported on your security

appliance before you use the digital certificates to authenticate. Go to the

Device Management > Certificate Management page to import the CA

certificates. See Managing Certificates for Authentication, page 418.

STEP 5 After you are finished, click Next.

Configuring WAN Settings

STEP 6 Use the WAN page to choose the WAN port that traffic passes through over the

VPN tunnel. If you have two links, you can enable WAN Failover to redirect traffic to

the secondary link when the primary link is down.

•WAN Failover: Click On to enable WAN Failover, or click Off to disable it.

NOTE: To enable WAN Failover for IPsec Remote Access, make sure that the

secondary WAN port was configured and the WAN redundancy was set as

the Load Balancing or Failover mode. The security appliance will

automatically update the local WAN gateway for the VPN tunnel based on

the configurations of the backup WAN link. For this purpose, Dynamic DNS

has to be configured because the IP address will change due to failover. In

this case, remote VPN clients must use the domain name of the IPsec VPN

server to establish the VPN connections.

•WAN Int erfac e: Choose the WAN port that traffic passes through over the

VPN tunnel.

STEP 7 After you are finished, click Next.

Configuring Operation Mode

STEP 8 Use the Network page to configure the mode of operation. The Cisco VPN

hardware client supports Network Extension Mode (NEM) and Client Mode. The

IPsec Remote Access group policy must be configured with the corresponding

mode to allow only the Cisco VPN hardware clients in the same operation mode to

be connected.

For example, if you choose the Client mode for the IPsec Remote Access group

policy, only the Cisco VPN hardware clients in Client mode can be connected by

using this group policy. For more information about the operation mode, see

Modes of Operation, page 365.

•Mode: Choose one of the following modes:

-Client: Choose this mode for the group policy that is used for both the PC

running the Cisco VPN Client software and the Cisco device that

supports the Cisco VPN hardware client in Client mode. In Client mode,