Cisco Systems OL-16647-01 Network Router User Manual


 
35-76
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Mapping Certificates to IPSec or SSL VPN Connection Profiles
that support such notification; that is, RADIUS, RADIUS with an NT server, and LDAP servers.
The security appliance ignores this command if RADIUS or LDAP authentication has not been
configured.
Note that this does not change the number of days before the password expires, but rather, it
enables the notification. If you check this check box, you must also specify the number of days.
Notify...days prior to expiration—Specifies the number of days before the current password
expires to notify the user of the pending expiration. The range is 1 through 180 days.
Modes
The following table shows the modes in which this feature is available:
Add/Edit Tunnel Group > Clientless SSL VPN > Basic
The attributes on the Add/Edit Tunnel Group General Tab dialog boxes for Clientless SSL VPN are the
same as those for Add/Edit Tunnel Group General dialog boxes for IPSec Remote Access. The following
description applies to the fields appearing on the Clientless SSL VPN dialog boxes.
Fields
The Basic dialog box lets you configure the following attributes for Clientless SSL VPN:
Authentication—Specifies the type of authentication to perform: AAA, Certificate, or Both. The
default value is AAA.
DNS Group—Specifies the DNS server to use for a connection profile. The default value is
DefaultDNS.
CSD Failure group policy—This attribute is valid only for security appliances with Cisco Secure
Desktop installed. The security appliance uses this attribute to limit access rights to remote CSD
clients if you use Cisco Secure Desktop Manager to set the VPN feature policy to one of the
following options:
“Use Failure Group-Policy.”
“Use Success Group-Policy, if criteria match,” and the criteria fail to match.
This attribute specifies the name of the failure group policy to be applied. Choose a group policy to
differentiate access rights from those associated with the default group policy. The default value is
DfltGrpPolicy.
Note: The security appliance does not use this attribute if you set the VPN feature policy to
“Always use Success Group-Policy.”
For more information, see the Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series
Administration Guide.
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Transparent
Security Context: Single | Multiple (Context, System)
——
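
An added example, not from the Cisco guide: a Python check that reads connection profiles from a configuration export and reports each profile's authentication type and expiry-notification days against the defaults and the 1 through 180 day range described above. It assumes the ASA CLI forms "tunnel-group NAME general-attributes", "tunnel-group NAME webvpn-attributes", "authentication aaa certificate" and "password-management password-expire-in-days N", which this page does not show; the sample configuration and profile names are constructed.

```python
import re

# Constructed sample (not from the guide); CLI syntax is an assumption.
SAMPLE_CONFIG = """\
tunnel-group Staff general-attributes
 password-management password-expire-in-days 14
tunnel-group Staff webvpn-attributes
 authentication aaa certificate
tunnel-group Partners general-attributes
 password-management password-expire-in-days 365
tunnel-group Kiosk webvpn-attributes
 authentication certificate
tunnel-group Guests webvpn-attributes
 authentication aaa
"""

def audit_profiles(config):
    """Map each connection profile to its auth type, notify days and findings."""
    profiles, current = {}, None
    for line in config.splitlines():
        head = re.match(r"tunnel-group (\S+) ", line)
        if head:
            # Guide defaults: Authentication is AAA, notification not enabled.
            current = profiles.setdefault(
                head.group(1), {"auth": "AAA", "notify_days": None, "findings": []})
        elif not line.startswith(" "):
            current = None  # left the tunnel-group block
        elif current is not None and line.split():
            words = line.split()
            if words[0] == "authentication":
                methods = set(words[1:])
                if methods == {"aaa", "certificate"}:
                    current["auth"] = "Both"
                elif methods == {"certificate"}:
                    current["auth"] = "Certificate"
            elif (words[:2] == ["password-management", "password-expire-in-days"]
                  and len(words) == 3 and words[2].isdigit()):
                current["notify_days"] = int(words[2])
    for p in profiles.values():
        days = p["notify_days"]
        if days is not None and not 1 <= days <= 180:
            p["findings"].append(f"notify days {days} outside 1-180")
        if days is None and p["auth"] in ("AAA", "Both"):
            p["findings"].append("password-expiry notification not enabled")
    return profiles

if __name__ == "__main__":
    for name, info in audit_profiles(SAMPLE_CONFIG).items():
        print(name, info["auth"], info["notify_days"], info["findings"])
```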