35-7
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Group Policies
Address Pools—(Network (Client) Access only) Specifies the name of one or more address pools to use for this group policy.
Select—(Network (Client) Access only) Opens the Select Address Pools window, which shows the pool name, starting and ending addresses, and subnet mask of address pools available for client address assignment and lets you select, add, edit, delete, and assign entries from that list.
More Options—Displays additional configurable options for this group policy.
Tunneling Protocols—Specifies the tunneling protocols that this group can use. Users can use only the selected protocols. The choices are as follows:
Clientless SSL VPN—Specifies the use of VPN via SSL/TLS, which uses a web browser to establish a secure remote-access tunnel to a security appliance; requires neither a software nor hardware client. Clientless SSL VPN can provide easy access to a broad range of enterprise resources, including corporate websites, web-enabled applications, NT/AD file share (web-enabled), e-mail, and other TCP-based applications from almost any computer that can reach HTTPS Internet sites.
SSL VPN Client—Specifies the use of the Cisco AnyConnect VPN client or the legacy SSL VPN client.
IPSec—IP Security Protocol. Regarded as the most secure protocol, IPSec provides the most complete architecture for VPN tunnels. Both Site-to-Site (peer-to-peer) connections and client-to-LAN connections can use IPSec.
L2TP over IPSec—Allows remote users whose VPN clients are bundled with several common PC and mobile PC operating systems to establish secure connections over the public IP network to the security appliance and private corporate networks. L2TP uses PPP over UDP (port 1701) to tunnel the data. The security appliance must be configured for IPSec transport mode.
Note: If you do not select at least one protocol, an error message appears.
Filter—(Network (Client) Access only) Specifies which access control list to use, or whether to inherit the value from the group policy. Filters consist of rules that determine whether to allow or reject tunneled data packets coming through the security appliance, based on criteria such as source address, destination address, and protocol. To configure filters and rules, see the Group Policy window.
Web ACL—(Clientless SSL VPN only) Select an access control list (ACL) from the drop-down list if you want to filter traffic. Click Manage next to the list if you want to view, modify, add, or remove ACLs before making a selection.
Manage—Displays the ACL Manager window, with which you can add, edit, and delete access control lists (ACLs) and the access control entries (ACEs) that make them up. For more information about the ACL Manager, see the online Help for that window.
NAC Policy—Selects the name of a Network Admission Control policy to apply to this group policy. You can assign an optional NAC policy to each group policy. The default value is --None--.
Manage—Opens the Configure NAC Policy dialog box. After configuring one or more NAC policies, the NAC policy names appear as options in the drop-down list next to the NAC Policy attribute.
Access Hours—Selects the name of an existing access hours policy, if any, to apply to this user, or creates a new access hours policy. The default value is Inherit, or, if the Inherit check box is not selected, the default value is --Unrestricted--.
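The settings this page describes (tunneling protocols, filter ACL, clientless web ACL, NAC policy, access hours) are also visible in the security appliance's saved configuration, which makes them easy to audit outside ASDM. The following is an added example, not code from the Cisco guide: it parses `group-policy NAME attributes` blocks from a constructed running-config excerpt and reports policies that allow client or clientless access without a filter, or that set no tunneling protocol at all (the condition the Note above says ASDM rejects). The CLI keyword forms (`vpn-tunnel-protocol`, `vpn-filter value`, `webvpn` / `filter value`, `nac-settings value`, `vpn-access-hours value`) are assumptions about the appliance CLI of this release, and the sample configuration is constructed for the example.

```python
"""Audit ASA group-policy attribute blocks from a saved configuration.

Added example; not part of the Cisco ASDM guide. The CLI keywords below are
assumptions about how the ASDM fields on this page are stored, and
SAMPLE_CONFIG is constructed for the example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: three group policies with differing levels of restriction.
SAMPLE_CONFIG = """\
group-policy SALES internal
group-policy SALES attributes
 vpn-tunnel-protocol svc webvpn
 vpn-filter value SALES_ACL
 address-pools value SALES_POOL
 nac-settings value NAC_DEFAULT
 vpn-access-hours value BUSINESS_HOURS
 webvpn
  filter value SALES_WEB_ACL
group-policy CONTRACTORS internal
group-policy CONTRACTORS attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 address-pools value CONTRACTOR_POOL
group-policy LEGACY internal
group-policy LEGACY attributes
 vpn-filter none
"""

# Protocols that give a client a routed tunnel (the "Network (Client) Access" case).
CLIENT_PROTOCOLS = {"ipsec", "l2tp-ipsec", "svc"}


@dataclass
class GroupPolicy:
    name: str
    protocols: Set[str] = field(default_factory=set)
    vpn_filter: Optional[str] = None   # Filter field (client access ACL)
    web_acl: Optional[str] = None      # Web ACL field (clientless only)
    nac_policy: Optional[str] = None   # NAC Policy field
    access_hours: Optional[str] = None # Access Hours field


def _value_or_none(tokens: List[str]) -> Optional[str]:
    """'<key> value NAME' -> NAME; '<key> none' (or anything else) -> None."""
    return tokens[2] if len(tokens) > 2 and tokens[1] == "value" else None


def parse_group_policies(config: str) -> Dict[str, GroupPolicy]:
    """Collect the attributes of every 'group-policy NAME attributes' block."""
    policies: Dict[str, GroupPolicy] = {}
    current: Optional[GroupPolicy] = None
    in_webvpn = False
    for raw in config.splitlines():
        header = re.match(r"^group-policy (\S+) attributes$", raw)
        if header:
            current = policies.setdefault(header.group(1), GroupPolicy(header.group(1)))
            in_webvpn = False
            continue
        if not raw.startswith(" "):
            current, in_webvpn = None, False  # left the attributes block
            continue
        if current is None:
            continue
        tokens = raw.split()
        if raw.startswith("  "):
            # Second-level line: only the webvpn sub-block's filter matters here.
            if in_webvpn and tokens[:2] == ["filter", "value"]:
                current.web_acl = tokens[2]
            continue
        in_webvpn = False
        key = tokens[0]
        if key == "vpn-tunnel-protocol":
            current.protocols = {t.lower() for t in tokens[1:]}
        elif key == "vpn-filter":
            current.vpn_filter = _value_or_none(tokens)
        elif key == "nac-settings":
            current.nac_policy = _value_or_none(tokens)
        elif key == "vpn-access-hours":
            current.access_hours = _value_or_none(tokens)
        elif key == "webvpn":
            in_webvpn = True
    return policies


def audit(policy: GroupPolicy) -> List[str]:
    """Return the review findings for one group policy."""
    findings: List[str] = []
    if not policy.protocols:
        findings.append("no vpn-tunnel-protocol set in this policy; the value is "
                        "inherited, so review the parent policy")
    if policy.protocols & CLIENT_PROTOCOLS and policy.vpn_filter is None:
        findings.append("client access allowed with no Filter ACL (vpn-filter)")
    if "webvpn" in policy.protocols and policy.web_acl is None:
        findings.append("clientless SSL VPN allowed with no Web ACL")
    return findings


def audit_config(config: str) -> Dict[str, List[str]]:
    """Audit every group policy in a configuration text."""
    return {name: audit(gp) for name, gp in parse_group_policies(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {'ok' if not findings else '; '.join(findings)}")
```

Run against a real saved configuration by passing its text to `audit_config`. SALES produces no findings; CONTRACTORS is flagged twice because it permits both client and clientless access with no filter on either; LEGACY is flagged only for setting no tunneling protocol of its own.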