7-3
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
78-17611-01
Chapter 7 Scenario: Remote-Access VPN Configuration
Implementing the IPsec Remote-Access VPN Scenario
• Specifying the VPN Tunnel Group Name and Authentication Method, page 7-7
• Specifying a User Authentication Method, page 7-8
• (Optional) Configuring User Accounts, page 7-10
• Configuring Address Pools, page 7-11
• Configuring Client Attributes, page 7-12
• Configuring the IKE Policy, page 7-13
• Configuring IPsec Encryption and Authentication Parameters, page 7-15
• Specifying Address Translation Exception and Split Tunneling, page 7-16
• Verifying the Remote-Access VPN Configuration, page 7-17
Information to Have Available
Before you begin configuring the adaptive security appliance to accept remote
access IPsec VPN connections, make sure that you have the following information
available:
• Range of IP addresses to be used in an IP pool. These addresses are assigned
to remote VPN clients as they are successfully connected.
• List of users to be used in creating a local authentication database, unless you
are using a AAA server for authentication.
• Networking information to be used by remote clients when connecting to the
VPN, including:
  – IP addresses for the primary and secondary DNS servers
  – IP addresses for the primary and secondary WINS servers
  – Default domain name
  – List of IP addresses for local hosts, groups, and networks that should be
    made accessible to authenticated remote clients