Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2
OL-5532-02
Chapter 4 Remote Access VPN Services
Creating Remote Access VPN Policies
Defining Cisco IOS Software-Specific Parameters
In the Remote Access VPN Policy – Cisco IOS Editor page, you can select the values for the SA idle
timeout as well as enable Reverse Route Injection (RRI). It is recommended that you select both the RRI
and RRI peer options. In remote access, RRI is used to inject the host route into the routing table for the
IP address that was allocated out of the remote access address pool. (RRI uses the host address as the
route destination in the route entry of the routing table.) This allows the creation of a static route for a
remote, protected network.
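As an added example (not from this guide and not Cisco ISC code), the Python check below audits an IOS configuration for the settings recommended above: RRI, the RRI peer option, and an SA idle timeout. It assumes the editor fields correspond to the IOS commands `reverse-route`, `reverse-route remote-peer` and `security-association idle-time`; the sample configuration and its map names are constructed.

```python
import re

# Constructed sample running-config, not taken from the guide. Assumption: the
# editor's RRI, RRI peer and SA idle timeout fields correspond to these commands.
SAMPLE_CONFIG = """\
crypto ipsec security-association idle-time 600
!
crypto dynamic-map RA-DYN 10
 set transform-set RA-TS
 reverse-route remote-peer
!
crypto dynamic-map LEGACY-DYN 10
 set transform-set RA-TS
"""

ENTRY_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+)\s*$")
IDLE_RE = re.compile(r"^(?:crypto ipsec|set) security-association idle-time (\d+)")

def audit_remote_access(config):
    """Return (global idle timeout, {entry: state}) for dynamic crypto map entries."""
    global_idle, entries, current = None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        idle = IDLE_RE.match(line)
        if not raw.startswith(" "):  # a top-level command leaves any sub-mode
            entry = ENTRY_RE.match(line)
            current = f"{entry.group(1)} {entry.group(2)}" if entry else None
            if entry:
                entries[current] = {"rri": False, "rri_peer": False, "idle": None}
            elif idle:
                global_idle = int(idle.group(1))
        elif current and line.startswith("reverse-route"):
            entries[current]["rri"] = True
            entries[current]["rri_peer"] = "remote-peer" in line.split()
        elif current and idle:
            entries[current]["idle"] = int(idle.group(1))
    for state in entries.values():  # no per-entry override: use the global value
        if state["idle"] is None:
            state["idle"] = global_idle
    return global_idle, entries

def findings(config):
    """List entries that lack RRI, the RRI peer option, or any SA idle timeout."""
    _, entries = audit_remote_access(config)
    labels = (("rri", "RRI not enabled"), ("rri_peer", "RRI peer option not set"),
              ("idle", "no SA idle timeout"))
    return [f"{name}: {text}" for name, state in sorted(entries.items())
            for key, text in labels if not state[key]]
```

Calling `findings(SAMPLE_CONFIG)` reports the constructed `LEGACY-DYN 10` entry, which has neither RRI option set.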
Perform the following steps if you are provisioning remote access on Cisco IOS devices in your network:
Step 1 The Remote Access VPN Policy – Cisco IOS Editor page appears as shown in Figure 4-17.
Figure 4-17 The Remote Access VPN Policy – Cisco IOS Editor Page
Step 2 Follow the instructions in Table 4-6 to set the Cisco IOS-specific parameters.
Table 4-6 Cisco IOS Editor Fields
| Field Name | Type | Instructions |
|---|---|---|
| SA Idle Timeout Enabled | checkbox | Check to enable a security association (SA) idle timeout. |
| SA Idle Timeout | text box | To enable this option, you must first check SA Idle Timeout Enabled, and then you can enter a timeout value, from 60 to 86,4000 seconds, after which to automatically delete the IPsec security associations. |