Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
69-106
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
uses this information to determine whether the software each VPN client is running is at an
appropriate revision level and, if appropriate, to provide a notification message and an update
mechanism to clients that are running outdated software.
Client Type—Identifies the VPN client type.
VPN Client Revisions—Specifies the acceptable revision level of the VPN client.
Image URL—Specifies the URL or IP address from which the correct VPN client software
image can be downloaded. For Windows-based VPN clients, the URL must be of the form http://
or https://. For ASA 5505 in client mode or VPN 3002 hardware clients, the URL must be of the
form tftp://.
Modes
The following table shows the modes in which this feature is available:
Clientless SSL VPN Access > Connection Profiles > Add/Edit > General > Basic
The Add or Edit pane, General, Basic dialog box lets you specify a name for the tunnel group that you
are adding, lets you select the group policy, and lets you configure password management.
On the Edit Tunnel Group dialog box, the General dialog box displays the name and type of the selected
tunnel group. All other functions are the same as for the Add Tunnel Group dialog box.
Fields
Name—Specifies the name assigned to this tunnel group. For the Edit function, this field is
display-only.
Type—Displays the type of tunnel group you are adding or editing. For Edit, this is a display-only
field whose contents depend on your selection in the Add dialog box.
Group Policy—Lists the currently configured group policies. The default value is the default group
policy, DfltGrpPolicy.
Strip the realm —Not available for Clientless SSL VPN.
Strip the group —Not available or Clientless SSL VPN.
Password Management—Lets you configure parameters relevant to overriding an account-disabled
indication from a AAA server and to notifying users about password expiration.
Override account-disabled indication from AAA server—Overrides an account-disabled
indication from a AAA server.
Note Allowing override account-disabled is a potential security risk.
Enable notification upon password expiration to allow user to change password—Checking this
check box makes the following two parameters available. If you do not also check the Enable
notification prior to expiration check box, the user receives notification only after the password
has expired.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——