Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
69-8
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Group Policies
Note If you do not select a protocol, an error message appears.
Web ACL—(Clientless SSL VPN only) Choose an access control list (ACL) from the drop-down list
if you want to filter traffic. Click Manage next to the list if you want to view, modify, add, or remove
ACLs before making a selection.
Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access
Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the
ACL Manager, see the online Help for that dialog box.
IPv4Filter—(Network (Client) Access only) Specifies which access control list to use for an IPv4
connection, or whether to inherit the value from the group policy. Filters consist of rules that
determine whether to allow or reject tunneled data packets coming through the ASA, based on
criteria such as source address, destination address, and protocol. To configure filters and rules, see
the ACL Manager dialog box.
Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access
Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the
ACL Manager, see the online Help for that dialog box.
IPv6Filter—(Network (Client) Access only) Specifies which access control list to use for an IPv6
connection, or whether to inherit the value from the group policy. Filters consist of rules that
determine whether to allow or reject tunneled data packets coming through the ASA, based on
criteria such as source address, destination address, and protocol. To configure filters and rules, see
the ACL Manager dialog box.
Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access
Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the
ACL Manager, see the online Help for that dialog box.
NAC Policy—Selects the name of a Network Admission Control policy to apply to this group policy.
You can assign an optional NAC policy to each group policy. The default value is --None--.
Manage—Opens the Configure NAC Policy dialog box. After configuring one or more NAC
policies, the NAC policy names appear as options in the drop-down list next to the NAC Policy
attribute.
Access Hours—Selects the name of an existing access hours policy, if any, applied to this user or
create a new access hours policy. The default value is Inherit, or, if the Inherit check box is not
checked, the default value is --Unrestricted--.
Manage—Opens the Browse Time Range dialog box, in which you can add, edit, or delete a time
range.
Simultaneous Logins—Specifies the maximum number of simultaneous logins allowed for this user.
The default value is 3. The minimum value is 0, which disables login and prevents user access.
Note While there is no maximum limit, allowing several simultaneous connections might
compromise security and affect performance.
Restrict Access to VLAN—(Optional) Also called “VLAN mapping,” this parameter specifies the
egress VLAN interface for sessions to which this group policy applies. The ASA forwards all traffic
on this group to the selected VLAN. Use this attribute to assign a VLAN to the group policy to
simplify access control. Assigning a value to this attribute is an alternative to using ACLs to filter
traffic on a session. In addition to the default value (Unrestricted), the drop-down list shows only
the VLANs that are configured on this ASA.