Chapter 4 Remote Access VPN Services
Creating Remote Access VPN Policies
Table
Field Name | Type | Instructions |
|
|
|
NAT Traversal | checkbox | Also called NAT transparency. NAT traversal enables IPsec VPN tunnels to span |
|
| multiple Network Address Translation (NAT) and Port Address Translation (PAT) |
|
| domains. Without NAT traversal, IPsec VPN tunnels cannot span NAT or PAT |
|
| domains due to incompatibilities between IPsec packet header requirements and |
|
| address translation mechanisms. |
|
| When ON, this option allows IPsec traffic to travel through a NAT or PAT point in the |
|
| network. Requires Cisco IOS Software Release 12.2(13)T or above. |
|
|
|
IKE NAT Keepalive | text box | Available only when NAT Traversal is enabled. The default value is 20 seconds and |
(in seconds) |
| the range is from 10 to 3600 seconds. |
|
|
|
Tunneling Protocol | Select the tunneling protocol with which this group can connect. Select IPSec or | |
| list | L2TP over IPsec. The L2TP over IPsec option is supported for the VPN 3000 only. |
|
| Consequently, if you select L2TP over IPsec, only VPN 3000 devices will be |
|
| available for use in any IPsec RA service request that uses this remote access policy. |
|
|
|
Authentication | Select the authentication method for members of this user group. (The name of the | |
Server | list | Remote Access Policy becomes the user group name.) The following options are |
|
| supported: |
|
| • None – Select this option if you selected L2TP over IPsec as the tunnelling |
|
| protocol option. If you select this option, remote users will not be authenticated |
|
| by an authentication server. This option is supported for the VPN 3000 only. |
|
| • RADIUS – Authenticate users using Remote Authentication Dial In User Service |
|
| (RADIUS). The RADIUS specification is described in RFC 2865. |
|
| • Internal – Authenticate users against a database internal to the device. |
|
| • NT Domain – Authenticate users using an external Windows NT Domain |
|
| system. |
|
| • SDI – Authenticate users using Security Dynamics International (SDI) |
|
| authentication. |
|
| • TACACS+ – Authenticate users using Terminal Access Controller Access |
|
| Control System Plus (TACACS+). |
|
|
|
Default Domain | text box | Enter the default domain name given to users of this group. |
Name |
|
|
|
|
|
DNS Primary Server | text box | Enter the IP address of the primary Domain Name System (DNS) server. This option |
|
| is for use with all authentication methods. |
|
|
|
DNS Secondary | text box | Enter the IP address of the secondary DNS server. This option is for use with all |
Server |
| authentication methods. |
|
|
|
WINS Primary | text box | Enter the IP address of the primary Windows Internet Name System (WINS) server. |
Server |
| This option is for use with all authentication methods. |
|
|
|
WINS Secondary | text box | Enter the IP address of the secondary WINS server. This option is for use with all |
Server |
| authentication methods. |
|
|
|
Step 6 Click Next to continue to the Address Pools page as described in the “Defining Address Pools” section on page
Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2
|
| ||
|
|
