Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Mapping Certificates to IPSec or SSL VPN Connection Profiles
Image URL—Specifies the URL or IP address from which the correct VPN client software
image can be downloaded. For Windows-based VPN clients, the URL must be of the form http://
or https://. For ASA 5505 in client mode or VPN 3002 hardware clients, the URL must be of the
form tftp://.
Modes
The following table shows the modes in which this feature is available:
Add/Edit Tunnel Group > Clientless SSL VPN Access > General > Basic
The Add or Edit pane, General, Basic dialog box lets you specify a name for the tunnel group that you
are adding, lets you select the group policy, and lets you configure password management.
On the Edit Tunnel Group window, the General dialog box displays the name and type of the selected
tunnel group. All other functions are the same as for the Add Tunnel Group window.
Fields
Name—Specifies the name assigned to this tunnel group. For the Edit function, this field is
display-only.
Type—Displays the type of tunnel group you are adding or editing. For Edit, this is a display-only
field whose contents depend on your selection in the Add window.
Group Policy—Lists the currently configured group policies. The default value is the default group
policy, DfltGrpPolicy.
Strip the realm—Not available for Clientless SSL VPN.
Strip the group—Not available for Clientless SSL VPN.
Password Management—Lets you configure parameters relevant to overriding an account-disabled
indication from a AAA server and to notifying users about password expiration.
Override account-disabled indication from AAA server—Overrides an account-disabled
indication from a AAA server.
Note: Allowing override of the account-disabled indication is a potential security risk.
Enable notification upon password expiration to allow user to change password—Checking this
check box makes the following two parameters available. If you do not also check the Enable
notification prior to expiration check box, the user receives notification only after the password
has expired.
Enable notification prior to expiration—When you check this option, the security appliance
notifies the remote user at login that the current password is about to expire or has expired, then
offers the user the opportunity to change the password. If the current password has not yet
expired, the user can still log in using that password. This parameter is valid for AAA servers
Modes table columns: Firewall Mode (Routed, Transparent); Security Context (Single, Multiple: Context, System)
——
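The Password Management fields and the account-disabled Note above can be checked in a saved configuration. The following is an added example, not part of the Cisco guide: it assumes the ASA CLI forms of these ASDM fields (`override-account-disable` and `password-management` under `tunnel-group <name> general-attributes`), and the sample configuration and group names are constructed.

```python
import re

# Constructed sample of an ASA running-config excerpt (not from the guide).
SAMPLE_CONFIG = """\
tunnel-group Contractors type remote-access
tunnel-group Contractors general-attributes
 default-group-policy DfltGrpPolicy
 override-account-disable
tunnel-group Staff type remote-access
tunnel-group Staff general-attributes
 default-group-policy StaffPolicy
 password-management password-expire-in-days 14
tunnel-group Kiosk type remote-access
tunnel-group Kiosk general-attributes
 default-group-policy DfltGrpPolicy
 password-management
 override-account-disable
"""

HEADER = re.compile(r"^tunnel-group (\S+) general-attributes\s*$")


def parse_general_attributes(config):
    """Return {tunnel_group: [sub-commands]} for each general-attributes block."""
    groups, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return groups


def audit(config):
    """Return sorted (tunnel_group, finding) pairs for the two settings above."""
    findings = []
    for name, cmds in parse_general_attributes(config).items():
        if "override-account-disable" in cmds:  # "no ..." form does not match
            findings.append((name, "account-disabled override enabled"))
        if not any(c.startswith("password-management") for c in cmds):
            findings.append((name, "password-management not configured"))
    return sorted(findings)


if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in audit(SAMPLE_CONFIG)), sep="\n")
```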