Cisco ASA 5505 Configuration Manual page 1417

Chapter 64 General VPN Setup
Fields
MAC Exemption—Configures a set of MAC addresses and masks used for device pass-through for
•
the Easy VPN Remote connection
–
–
–
–
Tunneled Management—Configures IPsec encryption for device management and specifies the
•
network or networks allowed to manage the Easy VPN hardware client connection through the
tunnel. Selecting Clear Tunneled Management merely removes that IPsec encryption level and does
not affect any other encryption, such as SSH or https, that exists on the connection.
–
–
–
–
–
–
–
• IPsec Over TCP—Configure the Easy VPN Remote connection to use TCP-encapsulated IPsec.
–
Note
–
• Server Certificate—Configures the Easy VPN Remote connection to accept only connections to
Easy VPN servers with the specific certificates specified by the certificate map. Use this parameter
to enable Easy VPN server certificate filtering. To define a certificate map, go to Configuration >
VPN > IKE > Certificate Group Matching > Rules.
OL-20339-01
MAC Address—Exempts the device with the specified MAC address from authentication. The
format for specifying the MAC address this field uses three hex digits, separated by periods; for
example, 45ab.ff36.9999.
MAC Mask—The format for specifying the MAC mask in this field uses three hex digits,
separated by periods; for example, the MAC mask ffff.ffff.ffff matches just the specified MAC
address. A MAC mask of all zeroes matches no MAC address, and a MAC mask of
ffff.ff00.0000 matches all devices made by the same manufacturer.
Add—Adds the specified MAC address and mask pair to the MAC Address/Mask list.
Remove—Moves the selected MAC address and mask pair from the MAC Address/MAC list to
the individual MAC Address and MAC Mask fields.
Enable Tunneled Management—Adds a layer of IPsec encryption to the SSH or HTTPS
encryption already present in the management tunnel.
Clear Tunneled Management—Uses the encryption already present in the management tunnel,
without additional encryption.
IP Address— Specifies the IP address of the host or network to which you want to grant
administrative access to the Easy VPN hardware client through the VPN tunnel. You can
individually add one or more IP addresses and their respective network masks.
Mask—Specifies the network mask for the corresponding IP address.
Add—Moves the specified IP address and mask to the IP Address/Mask list.
Remove—Moves the selected IP address and mask pair from the IP Address/Mask list to the
individual IP Address and Mask fields in this area.
IP Address/Mask—Lists the configured IP address and mask pairs to be operated on by the
Enable or Clear functions in this area.
Enable—Enables IPsec over TCP.
Choose Configuration > VPN > IPsec > Pre-Fragmentation, double-click the outside
interface, and set the DF Bit Setting Policy to Clear if you configure the Easy VPN Remote
connection to use TCP-encapsulated IPsec. The Clear setting lets the adaptive security
appliance send large packets.
Enter Port Number—Specifies the port number to use for the IPsec over TCP connection.
Cisco ASA 5500 Series Configuration Guide using ASDM
Advanced Easy VPN Properties
64-107