Cisco Systems ASA 5580 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Advanced Easy VPN Properties
Tunneled Management
When operating an ASA model 5505 device behind a NAT device, use the Tunneled Management
attributes to specify how to configure device management (in the clear or through the tunnel) and
to specify the network or networks allowed to manage the Easy VPN Remote connection through the
tunnel. The public address of the ASA 5505 is not accessible when behind the NAT device unless you
add static NAT mappings on the NAT device.
When operating a Cisco ASA 5505 behind a NAT device, use the vpnclient management command to
specify how to configure device management (with additional encryption or without it) and to specify
the hosts or networks to be granted administrative access. The public address of the ASA 5505 is not
accessible when behind the NAT device unless you add static NAT mappings on the NAT device.
Fields
MAC Exemption—Configures a set of MAC addresses and masks used for device pass-through for
the Easy VPN Remote connection
MAC Address—Exempts the device with the specified MAC address from authentication. The
format for specifying the MAC address in this field uses three hex digits, separated by periods; for
example, 45ab.ff36.9999.
MAC Mask—The format for specifying the MAC mask in this field uses three hex digits,
separated by periods; for example, the MAC mask ffff.ffff.ffff matches just the specified MAC
address. A MAC mask of all zeroes matches no MAC address, and a MAC mask of
ffff.ff00.0000 matches all devices made by the same manufacturer.
Add—Adds the specified MAC address and mask pair to the MAC Address/Mask list.
Remove—Moves the selected MAC address and mask pair from the MAC Address/Mask list to
the individual MAC Address and MAC Mask fields.
Tunneled Management—Configures IPsec encryption for device management and specifies the
network or networks allowed to manage the Easy VPN hardware client connection through the
tunnel. Selecting Clear Tunneled Management merely removes that IPsec encryption level and does
not affect any other encryption, such as SSH or HTTPS, that exists on the connection.
Enable Tunneled Management—Adds a layer of IPsec encryption to the SSH or HTTPS
encryption already present in the management tunnel.
Clear Tunneled Management—Uses the encryption already present in the management tunnel,
without additional encryption.
IP Address—Specifies the IP address of the host or network to which you want to grant
administrative access to the Easy VPN hardware client through the VPN tunnel. You can
individually add one or more IP addresses and their respective network masks.
Mask—Specifies the network mask for the corresponding IP address.
Add—Moves the specified IP address and mask to the IP Address/Mask list.
Remove—Moves the selected IP address and mask pair from the IP Address/Mask list to the
individual IP Address and Mask fields in this area.
IP Address/Mask—Lists the configured IP address and mask pairs to be operated on by the
Enable or Clear functions in this area.
IPsec Over TCP—Configure the Easy VPN Remote connection to use TCP-encapsulated IPsec.
Enable—Enables IPsec over TCP.
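
The MAC Address and MAC Mask fields above decide which devices skip authentication, so the width of each mask is worth checking before it is added. The following Python sketch is an added example, not part of the Cisco guide or any Cisco tool; the function names and the max_exempt threshold are assumptions made for illustration. It applies the matching rules stated above to a constructed list of entries and reports those that exempt more than one address.

```python
import re

# Dotted notation as shown in the guide, for example 45ab.ff36.9999
_DOTTED = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.IGNORECASE)


def parse_dotted(value):
    """Convert a dotted MAC address or mask to a 48-bit integer."""
    if not _DOTTED.fullmatch(value):
        raise ValueError(f"not in xxxx.xxxx.xxxx form: {value!r}")
    return int(value.replace(".", ""), 16)


def is_exempt(mac, entry_mac, entry_mask):
    """True if mac falls under the MAC Address / MAC Mask pair."""
    mask = parse_dotted(entry_mask)
    if mask == 0:
        # The guide states that an all-zero mask matches no MAC address.
        return False
    return (parse_dotted(mac) & mask) == (parse_dotted(entry_mac) & mask)


def exempt_count(entry_mask):
    """Number of distinct MAC addresses one mask exempts from authentication."""
    mask = parse_dotted(entry_mask)
    if mask == 0:
        return 0
    return 2 ** (48 - bin(mask).count("1"))


def audit(entries, max_exempt=1):
    """Return (mac, mask, count) for entries exempting more than max_exempt."""
    return [(mac, mask, exempt_count(mask))
            for mac, mask in entries if exempt_count(mask) > max_exempt]


# Constructed sample list; the address and masks are the ones quoted in the guide.
SAMPLE = [
    ("45ab.ff36.9999", "ffff.ffff.ffff"),  # exactly one device
    ("45ab.ff36.9999", "ffff.ff00.0000"),  # every address sharing the 45ab.ff prefix
    ("45ab.ff36.9999", "0000.0000.0000"),  # matches nothing
]

if __name__ == "__main__":
    for mac, mask, count in audit(SAMPLE):
        print(f"{mac} {mask} exempts {count} addresses from authentication")
```

Because a MAC address is supplied by the connecting device itself, an entry flagged here covers any device that presents an address in the masked range.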