Filter
Top Products
4-9
Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2
OL-5532-02
Chapter 4 Remote Access VPN Services
Creating Remote Access VPN Policies
Step 6 Click Next to continue to the Address Pools page as described in the “Defining Address Pools” section
on page 4-10.
NAT Traversal checkbox Also called NAT transparency. NAT traversal enables IPsec VPN tunnels to span
multiple Network Address Translation (NAT) and Port Address Translation (PAT)
domains. Without NAT traversal, IPsec VPN tunnels cannot span NAT or PAT
domains due to incompatibilities between IPsec packet header requirements and
address translation mechanisms.
When ON, this option allows IPsec traffic to travel through a NAT or PAT point in the
network. Requires Cisco IOS Software Release 12.2(13)T or above.
IKE NAT Keepalive
(in seconds)
text box Available only when NAT Traversal is enabled. The default value is 20 seconds and
the range is from 10 to 3600 seconds.
Tunneling Protocol drop-down
list
Select the tunneling protocol with which this group can connect. Select IPSec or
L2TP over IPsec. The L2TP over IPsec option is supported for the VPN 3000 only.
Consequently, if you select L2TP over IPsec, only VPN 3000 devices will be
available for use in any IPsec RA service request that uses this remote access policy.
Authentication
Server
drop-down
list
Select the authentication method for members of this user group. (The name of the
Remote Access Policy becomes the user group name.) The following options are
supported:
• None – Select this option if you selected L2TP over IPsec as the tunnelling
protocol option. If you select this option, remote users will not be authenticated
by an authentication server. This option is supported for the VPN 3000 only.
• RADIUS – Authenticate users using Remote Authentication Dial In User Service
(RADIUS). The RADIUS specification is described in RFC 2865.
• Internal – Authenticate users against a database internal to the device.
• NT Domain – Authenticate users using an external Windows NT Domain
system.
• SDI – Authenticate users using Security Dynamics International (SDI)
authentication.
• TACACS+ – Authenticate users using Terminal Access Controller Access
Control System Plus (TACACS+).
Default Domain
Name
text box Enter the default domain name given to users of this group.
DNS Primary Server text box Enter the IP address of the primary Domain Name System (DNS) server. This option
is for use with all authentication methods.
DNS Secondary
Server
text box Enter the IP address of the secondary DNS server. This option is for use with all
authentication methods.
WINS Primary
Server
text box Enter the IP address of the primary Windows Internet Name System (WINS) server.
This option is for use with all authentication methods.
WINS Secondary
Server
text box Enter the IP address of the secondary WINS server. This option is for use with all
authentication methods.
Table 4-2 Remote Access VPN Policy – General Editor Fields (continued)
Field Name Type Instructions