Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Advanced Easy VPN Properties
Device Pass-Through
Certain devices like Cisco IP phones, printers, and the like are incapable of performing authentication,
and therefore of participating in individual unit authentication. To accommodate these devices, the
device pass-through feature, enabled by the MAC Exemption attributes, exempts devices with the
specified MAC addresses from authentication when Individual User Authentication is enabled.
The first 24 bits of the MAC address indicate the manufacturer of the piece of equipment. The last 24
bits are the unit’s serial number in hexadecimal format.
Tunneled Management
When operating an ASA model 5505 device behind a NAT device, use the Tunneled Management
attributes to specify how to configure device management—in the clear or through the tunnel—and
specify the network or networks allowed to manage the Easy VPN Remote connection through the
tunnel. The public address of the ASA 5505 is not accessible when behind the NAT device unless you
add static NAT mappings on the NAT device.
When operating a Cisco ASA 5505 behind a NAT device, use the vpnclient management command to
specify how to configure device management—with additional encryption or without it—and specify
the hosts or networks to be granted administrative access. The public address of the ASA 5505 is not
accessible when behind the NAT device unless you add static NAT mappings on the NAT device.
Fields
MAC Exemption—Configures a set of MAC addresses and masks used for device pass-through for
the Easy VPN Remote connection
MAC Address—Exempts the device with the specified MAC address from authentication. The
format for specifying the MAC address in this field uses three groups of hex digits, separated by
periods; for example, 45ab.ff36.9999.
MAC Mask—The format for specifying the MAC mask in this field uses three groups of hex digits,
separated by periods; for example, the MAC mask ffff.ffff.ffff matches just the specified MAC
address. A MAC mask of all zeroes matches no MAC address, and a MAC mask of
ffff.ff00.0000 matches all devices made by the same manufacturer.
Add—Adds the specified MAC address and mask pair to the MAC Address/Mask list.
Remove—Moves the selected MAC address and mask pair from the MAC Address/Mask list to
the individual MAC Address and MAC Mask fields.
Tunneled Management—Configures IPSec encryption for device management and specifies the
network or networks allowed to manage the Easy VPN hardware client connection through the
tunnel. Selecting Clear Tunneled Management merely removes that IPSec encryption level and does
not affect any other encryption, such as SSH or HTTPS, that exists on the connection.
Enable Tunneled Management—Adds a layer of IPSec encryption to the SSH or HTTPS
encryption already present in the management tunnel.
Clear Tunneled Management—Uses the encryption already present in the management tunnel,
without additional encryption.
IP Address—Specifies the IP address of the host or network to which you want to grant
administrative access to the Easy VPN hardware client through the VPN tunnel. You can
individually add one or more IP addresses and their respective network masks.
Mask—Specifies the network mask for the corresponding IP address.
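
The following sketch is an added example, not part of the Cisco guide or of ASA software. It shows how the MAC Address and MAC Mask pairs described above decide which devices are exempt, and reports how broad each entry is so an exemption list can be reviewed. It assumes the mask is applied as a bitwise AND; the function names and the sample list are hypothetical.

```python
import re

# Dotted-hex notation used by the MAC Address and MAC Mask fields.
_MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")

def parse_mac(text):
    """Convert a value such as 45ab.ff36.9999 to a 48-bit integer."""
    text = text.strip().lower()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a dotted-hex MAC value: {text!r}")
    return int(text.replace(".", ""), 16)

def entry_matches(device, address, mask):
    """True if device equals address on every bit set in mask (assumed AND semantics)."""
    m = parse_mac(mask)
    if m == 0:
        # The guide states that an all-zero mask matches no MAC address.
        return False
    return (parse_mac(device) & m) == (parse_mac(address) & m)

def is_exempt(device, entries):
    """True if any address/mask pair in the list exempts the device."""
    return any(entry_matches(device, a, m) for a, m in entries)

def audit(entries):
    """Label each entry by how much of the address its mask pins down."""
    findings = []
    for address, mask in entries:
        m = parse_mac(mask)
        if m == 0xFFFFFFFFFFFF:
            scope = "single device"
        elif m == 0xFFFFFF000000:
            scope = "whole manufacturer prefix"
        elif m == 0:
            scope = "matches nothing"
        else:
            scope = f"{bin(m).count('1')} of 48 bits compared"
        findings.append((address, mask, scope))
    return findings

# Constructed sample list; 45ab.ff36.9999 is the guide's own example address.
SAMPLE = [
    ("45ab.ff36.9999", "ffff.ffff.ffff"),
    ("0011.2200.0000", "ffff.ff00.0000"),
    ("aaaa.bbbb.cccc", "0000.0000.0000"),
]
```

Running `audit(SAMPLE)` before applying a list makes entries that exempt a whole manufacturer prefix from Individual User Authentication stand out from single-device entries.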