Chapter 4 Remote Access VPN Services
Creating Remote Access VPN Policies
Defining Cisco IOS Software-Specific Parameters
In the Remote Access VPN Policy – Cisco IOS Editor page, you can select the values for the SA idle timeout as well as enable Reverse Route Injection (RRI). It is recommended that you select both the RRI and RRI peer options. In remote access, RRI is used to inject the host route into the routing table for the IP address that was allocated out of the remote access address pool. (RRI uses the host address as the route destination in the route entry of the routing table.) This allows the creation of a static route for a remote, protected network.
Perform the following steps if you are provisioning remote access on Cisco IOS devices in your network:
Step 1 The Remote Access VPN Policy – Cisco IOS Editor page appears as shown in Figure
Figure 4-17 The Remote Access VPN Policy – Cisco IOS Editor Page
Step 2 Follow the instructions in Table

Table

| Field Name | Type | Instructions |
|---|---|---|
| SA Idle Timeout Enabled | checkbox | Check to enable a security association (SA) idle timeout. |
| SA Idle Timeout | text box | To enable this option, you must first check SA Idle Timeout Enabled, and then you can enter a timeout value, from 60 to 86,4000 seconds, after which to automatically delete the IPsec security associations. |
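For reference, the Cisco IOS commands that correspond to the two settings described above (SA idle timeout and RRI) are shown here as an added example. It is not output produced by ISC or taken from this guide; the pool range, the names RA-POOL, RA-TSET, RA-DYN and RA-MAP, the interface, and the 600-second value are constructed, and ISAKMP policy and client authentication are assumed to be configured separately.

```ios
! Added example: all names, addresses and values below are constructed.
!
! Address pool from which remote access clients are allocated an IP address.
ip local pool RA-POOL 10.10.50.1 10.10.50.254
crypto isakmp client configuration address-pool local RA-POOL
!
! SA idle timeout: delete IPsec SAs that have carried no traffic for 600 seconds.
crypto ipsec security-association idle-time 600
!
crypto ipsec transform-set RA-TSET esp-aes esp-sha-hmac
!
! Dynamic crypto map for remote access clients.
! reverse-route enables RRI: when a client's SAs come up, a host route for its
! pool-allocated address is injected into the routing table, and it is removed
! when the SAs are deleted (including deletion by the idle timeout above).
crypto dynamic-map RA-DYN 10
 set transform-set RA-TSET
 reverse-route
!
crypto map RA-MAP client configuration address respond
crypto map RA-MAP 100 ipsec-isakmp dynamic RA-DYN
!
interface GigabitEthernet0/0
 crypto map RA-MAP
```

With a client connected, the injected host route appears as a static (S) entry in `show ip route`, which is a quick check that RRI is active and that stale routes disappear once idle SAs are deleted.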
Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2