Manualshelf

User's Manual

ManualsBrandsCisco Systems ManualsSecurity CameraCisco Systems CL-28826-01
1151115211531154115511561157115811591160
27-7
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 27 Easy VPN
Configuring Client Connection Characteristics for Easy VPN
Configuring Client Connection Characteristics for Easy VPN
Use the Client Connection Characteristics page to specify how traffic will be routed in the Easy VPN
topology and how the VPN tunnel will be established. The characteristics defined in this policy are
configured on the remote clients. Before configuring this policy, read the following topics:
Easy VPN Configuration Modes, page 27-3
Easy VPN and IKE Extended Authentication (Xauth), page 27-4
Navigation Path
(Site-to-Site VPN Manager Window, page 24-18) Select an Easy VPN topology in the VPNs
selector, then select Client Connection Characteristics in the Policies selector.
(Policy view) Select Site-to-Site VPN > Client Connection Characteristics and create a new
policy or edit an existing policy.
Related Topics
Understanding Easy VPN, page 27-1
Creating Access Control List Objects, page 6-49
Important Notes About Easy VPN Configuration, page 27-6
Field Reference
Table 27-1 Easy VPN Client Connection Characteristics Page
Element Description
Mode The configuration mode for the remote devices:
Client—Specifies that all traffic from the remote client’s inside
network will undergo Port Address Translation (PAT) to a single IP
address which was assigned for the device by the head end server
at connect time.
Network Extension—Specifies that PCs and other hosts at the
client end of the VPN tunnel should be given IP addresses that are
fully routable and reachable by destination network. PAT is not
used, allowing the client PCs and hosts to have direct access to the
PCs and hosts at the destination network.
Network Extension Plus—An enhancement to Network
Extension mode, that enables an IP address that is received via
mode configuration to be automatically assigned to an available
loopback interface. The IPsec SAs for this IP address are
automatically created by the Easy VPN client. The IP address is
typically used for troubleshooting (using ping, Telnet, and Secure
Shell).
If you select Network Extension Plus, this mode is configured on
IOS routers only. Clients that are PIX or ASA devices are
configured in Network Extension mode.
For more information, see Easy VPN Configuration Modes, page 27-3.