Cisco ASA 5505 Configuration Manual page 1415

Chapter 64 General VPN Setup
Fields
Enable Easy VPN Remote—Enables the Easy VPN Remote feature and makes available the rest of
•
the fields on this dialog box for configuration.
• Mode—Selects either Client mode or Network extension mode.
–
–
–
Group Settings—Specifies whether to use a pre-shared key or an X.509 certificate for user
•
authentication.
–
–
–
–
–
–
–
• User Settings—Configures user login information.
–
–
–
OL-20339-01
Client mode—Uses Port Address Translation (PAT) mode to isolate the addresses of the inside
hosts, relative to the client, from the enterprise network.
Network extension mode—Makes those addresses accessible from the enterprise network.
If the Easy VPN Remote is using NEM and has connections to secondary servers,
Note
establish an ASDM connection to each headend and check Enable Reverse Route
Injection on the Configuration > VPN > IPsec > IPsec Rules > Tunnel Policy (Crypto
Map) - Advanced dialog box to configure dynamic announcements of the remote
network using RRI.
Auto connect—The Easy VPN Remote establishes automatic IPsec data tunnels unless both of
the following are true: Network extension mode is configured locally, and split-tunneling is
configured on the group policy pushed to the Easy VPN Remote. If both are true, checking this
attribute automates the establishment of IPsec data tunnels. Otherwise, this attribute has no
effect.
Pre-shared key—Enables the use of a pre-shared key for authentication and makes available the
subsequent Group Name, Group Password, and Confirm Password fields for specifying the
group policy name and password containing that key.
Group Name—Specifies the name of the group policy to use for authentication.
Group Password—Specifies the password to use with the specified group policy.
Confirm Password—Requires you to confirm the group password just entered.
X.509 Certificate—Specifies the use of an X.509 digital certificate, supplied by a Certificate
Authority, for authentication.
Select Trustpoint—Lets you select a trustpoint, which can be an IP address or a hostname, from
the drop-down list. To define a trustpoint, click the link to Trustpoint(s) configuration at the
bottom of this area.
Send certificate chain—Enables sending a certificate chain, not just the certificate itself. This
action includes the root certificate and any subordinate CA certificates in the transmission.
User Name—Configures the VPN username for the Easy VPN Remote connection. Xauth
provides the capability of authenticating a user within IKE using TACACS+ or RADIUS. Xauth
authenticates a user (in this case, the Easy VPN hardware client) using RADIUS or any of the
other supported user authentication protocols. The Xauth username and password parameters
are used when secure unit authentication is disabled and the server requests Xauth credentials.
If secure unit authentication is enabled, these parameters are ignored, and the adaptive security
appliance prompts the user for a username and password.
User Password—Configures the VPN user password for the Easy VPN Remote connection.
Confirm Password—Requires you to confirm the user password just entered.
Cisco ASA 5500 Series Configuration Guide using ASDM
Easy VPN Remote
64-105