Cisco Systems OL-16647-01 Network Router User Manual


35-74
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Mapping Certificates to IPSec or SSL VPN Connection Profiles
2. An extended authentication (xauth) exchange then authenticates the remote VPN user. This
extended authentication can use one of the supported legacy authentication methods.
Note: Before setting the authentication type to hybrid, you must configure the authentication server
and create a pre-shared key.
IKE Peer ID Validation—Selects whether IKE peer ID validation is ignored, required, or checked
only if supported by a certificate.
Enable sending certificate chain—Enables or disables sending the entire certificate chain. This
action includes the root certificate and any subordinate CA certificates in the transmission.
ISAKMP Keep Alive—Enables and configures ISAKMP keep alive monitoring.
Disable Keep Alives—Enables or disables ISAKMP keep alives.
Monitor Keep Alives—Enables or disables ISAKMP keep alive monitoring. Selecting this
option makes available the Confidence Interval and Retry Interval fields.
Confidence Interval—Specifies the ISAKMP keep alive confidence interval. This is the number
of seconds the security appliance should allow a peer to idle before beginning keepalive
monitoring. The minimum is 10 seconds; the maximum is 300 seconds. The default for a remote
access group is 300 seconds.
Retry Interval—Specifies the number of seconds to wait between ISAKMP keep alive retries. The
default is 2 seconds.
Head end will never initiate keepalive monitoring—Specifies that the central-site security
appliance never initiates keepalive monitoring.
Interface-Specific Authentication Mode—Specifies the authentication mode on a per-interface
basis.
Interface—Lets you select the interface name. The default interfaces are inside and outside, but
if you have configured a different interface name, that name also appears in the list.
Authentication Mode—Lets you select the authentication mode (none, xauth, or hybrid), as
above.
Interface/Authentication Mode table—Shows the interface names and their associated
authentication modes that are selected.
Add—Adds an interface/authentication mode pair selection to the Interface/Authentication
Modes table.
Remove—Removes an interface/authentication mode pair selection from the
Interface/Authentication Modes table.
Client VPN Software Update Table—Lists the client type, VPN Client revisions, and image URL
for each client VPN software package installed. For each client type, you can specify the acceptable
client software revisions and the URL or IP address from which to download software upgrades, if
necessary. The client update mechanism (described in detail under the Client Update window) uses
this information to determine whether the software each VPN client is running is at an appropriate
revision level and, if appropriate, to provide a notification message and an update mechanism to
clients that are running outdated software.
Client Type—Identifies the VPN client type.
VPN Client Revisions—Specifies the acceptable revision level of the VPN client.