Cisco Systems OL-5532-02 Network Router User Manual


 
Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2
OL-5532-02
Chapter 4 Remote Access VPN Services
Note: Before creating an ISC security policy or service request, it is necessary to populate the ISC repository
with the target devices in your network, collect the initial device configuration files, designate customers
and customer sites, and define each device as a CPE.
CPE devices are the devices at each end of the VPN tunnel. Creating CPE devices includes assigning
each target device to a specific customer and customer site and marking the device interfaces.
Specifically for security management, you must define at least one public and one private interface on
each device.
For how-to information on populating your ISC repository and setting up CPE devices, refer to the Cisco
IP Solution Center Integrated VPN Management Suite Infrastructure Guide, 3.2.
In the Remote Access VPN policy, the network administrator performs the following tasks:
• Configures the encryption policy (which contains IKE and IPsec proposal parameters) that defines
  the network layer encryption and authentication control.
• Specifies the IKE XAuth parameters for user authentication.
• Sets the Mode Configuration parameters for policy push and features such as dynamically assigned
  client IP addresses.
• Defines the remote access user group. (Because each remote access policy defines a user group, you
  can use multiple remote access policies in the same service request. This enables you to configure
  multiple user groups on the same CPE device.)
• Defines remote access parameters.
The group policy information is stored in a profile that can be used locally in the VPN device
configuration. When the user or group information is stored on AAA servers, you must also configure
access to the AAA servers and allow the VPN device to send requests to the AAA servers.
Once created, the remote access policies can also be applied to multiple service requests.
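The fragment below is an added illustration, not ISC output and not taken from this guide. It shows how the policy elements listed above commonly appear on a Cisco IOS router terminating remote access VPN clients. It assumes an IOS CPE with a RADIUS AAA server; every name, address, interface and key is a constructed placeholder.

```cisco-ios
! Added example: constructed names, addresses and keys throughout.
aaa new-model
! XAuth user authentication is sent to the external AAA server.
aaa authentication login RA-XAUTH group radius
! Group policy is read from the local profile; use "group radius"
! instead of "local" when group attributes are stored on the AAA server.
aaa authorization network RA-GROUP local
!
! Access to the AAA server (needed whenever user or group data is external).
radius server EXAMPLE-AAA
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
! Encryption policy, IKE proposal.
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Encryption policy, IPsec proposal.
crypto ipsec transform-set RA-TS esp-aes 256 esp-sha256-hmac
!
! Mode Configuration: address pool and attributes pushed to clients.
ip local pool RA-POOL 10.10.10.1 10.10.10.254
!
! Remote access user group (the locally stored group profile).
crypto isakmp client configuration group EXAMPLE-GROUP
 key <group-key-placeholder>
 pool RA-POOL
 dns 10.0.0.10
 domain example.com
!
crypto dynamic-map RA-DYN 10
 set transform-set RA-TS
 reverse-route
!
! Bind XAuth, group authorization and Mode Configuration to the crypto map.
crypto map RA-MAP client authentication list RA-XAUTH
crypto map RA-MAP isakmp authorization list RA-GROUP
crypto map RA-MAP client configuration address respond
crypto map RA-MAP 10 ipsec-isakmp dynamic RA-DYN
!
! Applied on the interface marked public for the CPE.
interface GigabitEthernet0/0
 crypto map RA-MAP
```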
To define a remote access VPN service, use the following sections:
• Adding AAA Server Devices to Your Repository, page 4-2
• Creating Encryption Policies, page 4-5
• Creating Remote Access VPN Policies, page 4-5
• Creating Remote Access VPN Service Requests, page 4-25
Adding AAA Server Devices to Your Repository
A AAA server (pronounced “Triple A” server) is required when the user authentication method is
external or the group policy information is stored on an external AAA server. If user profiles or group
attributes are to be obtained from a AAA Server (as opposed to having them stored on the CPE device
itself), then a AAA Server entry must be created and added to your ISC repository.
To create a AAA server entry in ISC, perform the following steps:
Step 1 Click Home > Service Inventory > Inventory and Connection Manager > AAA Servers. The AAA
Servers page appears as shown in Figure 4-2.