4-5
Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2
OL-5532-02
Chapter 4 Remote Access VPN Services
Figure 4-4 The AAA Servers Page After Adding A New Server
Creating Encryption Policies
The encryption policy defines the security parameters for protecting data traveling through the VPN
tunnels. It consists of one or more IKE proposals, one or more IPsec proposals, and global attributes. For
example, the IKE proposal portion of the encryption policy could consist of selecting the 3DES, SHA,
certificates, and Diffie-Hellman Group 2 options, and the IPsec proposal portion of the encryption policy
could consist of selecting the ESP-AES, ESP-SHA, no authentication header (AH), no compression, and
no PFS options.
You must have an encryption policy for your remote access policy. However, the same encryption policy
defined for a site-to-site VPN policy may also be used for a remote access policy. So, if you have already
created an encryption policy in ISC that you would like to use, proceed to the “Creating Remote Access
VPN Policies” section on page 4-5. Otherwise, follow the instructions in the “Creating an Encryption
Policy” section on page 3-5 and create an encryption policy before continuing.
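The following Python example is added here and is not from the guide or from ISC: it models the policy structure described above (IKE proposals plus IPsec proposals) and audits every proposal, since a peer may negotiate any proposal the policy lists. The class names, field names, and the weak-algorithm baseline are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Baseline assumed for this example (substitute your own); not taken from the guide.
WEAK_CIPHERS = {"DES", "3DES"}
WEAK_HASHES = {"MD5", "SHA", "SHA1", "SHA-1"}   # bare "SHA" is read as SHA-1
WEAK_DH_GROUPS = {1, 2, 5}                      # 768-, 1024- and 1536-bit MODP

@dataclass
class IkeProposal:                # hypothetical model, not ISC's schema
    encryption: str
    hash_alg: str
    auth: str                     # e.g. "certificates"
    dh_group: int

@dataclass
class IpsecProposal:              # hypothetical model, not ISC's schema
    esp_encryption: str
    esp_hash: Optional[str]       # None = no ESP integrity transform
    ah: Optional[str]             # None = no authentication header
    compression: bool
    pfs_group: Optional[int]      # None = PFS disabled

def _alg(name: str) -> str:
    """Normalize 'ESP-AES' or 'esp-sha-hmac' to 'AES' or 'SHA'."""
    return re.sub(r"^(ESP|AH)-|-HMAC$", "", name.upper())

def audit(ike: List[IkeProposal], ipsec: List[IpsecProposal]) -> List[str]:
    """Return one finding per weak setting, checking every listed proposal."""
    out = [] if ike and ipsec else ["policy needs at least one IKE and one IPsec proposal"]
    for i, p in enumerate(ike):
        checks = [(_alg(p.encryption) in WEAK_CIPHERS, f"weak cipher {p.encryption}"),
                  (_alg(p.hash_alg) in WEAK_HASHES, f"weak hash {p.hash_alg}"),
                  (p.dh_group in WEAK_DH_GROUPS, f"weak DH group {p.dh_group}")]
        out += [f"ike[{i}]: {msg}" for bad, msg in checks if bad]
    for i, p in enumerate(ipsec):
        aead = "GCM" in _alg(p.esp_encryption)  # AEAD ciphers carry their own integrity
        hashes = [h for h in (p.esp_hash, p.ah) if h]
        checks = [(_alg(p.esp_encryption) in WEAK_CIPHERS, f"weak cipher {p.esp_encryption}"),
                  (not hashes and not aead, "no integrity protection"),
                  (any(_alg(h) in WEAK_HASHES for h in hashes), "weak integrity hash"),
                  (p.pfs_group is None, "PFS disabled"),
                  (p.pfs_group in WEAK_DH_GROUPS, f"weak PFS group {p.pfs_group}")]
        out += [f"ipsec[{i}]: {msg}" for bad, msg in checks if bad]
    return out

if __name__ == "__main__":        # the guide's example selections as constructed input
    for finding in audit([IkeProposal("3DES", "SHA", "certificates", 2)],
                         [IpsecProposal("ESP-AES", "ESP-SHA", None, False, None)]):
        print(finding)
```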
Creating Remote Access VPN Policies
The remote access VPN policy defines the characteristics of the IPsec tunnel between the customer site
and the remote user. Its attributes include the VPN group name and password, IP address pools, and split
tunneling subnets. Additionally, the policy defines which VPN features are enabled and which are not.
For example, the policy enables (or disables) reverse route injection and NAT transparency.