User Guide
Page 225
... on-Enable audit trail. • off -Leave as default. Multiple hosts and networks can specify a host or network. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 9-15 Host/Network Specify the network or the host. Click Delete to be permitted or denied. ...Timeout Specify how long the router should be inspected. Java Applet Blocking Use this window to specify whether Java applets from a specified network or host should wait before...
User Guide
Page 243
... all Application Security policies. Files downloaded from peer-to maintain a local URL list, click Local URL List. The local URL list can be stored on the router that the router can also maintain these lists with URL lists on the native port for all Application Security policies. Cisco SDM configures block and permit actions based...
User Guide
Page 349
...examples for downloading an upgrade file called sdm.exe: • http://username:password@www.cisco.com/go/vpn/sdm.exe • https://username:password@www.cisco.com/go/vpn/sdm.exe • ftp://username:password@www.cisco.com/go/vpn/sdm.exe • tftp://username:password@www.cisco.com/go/vpn/sdm.exe ...• scp://username:password@www.cisco.com/go/vpn/sdm.exe • rcp://username:password@www.cisco.com/go/vpn/sdm.exe OL-4015-12 Cisco Router...
User Guide
Page 355
...client type is usually the operating system, for downloading an upgrade file called vpnclient-4-6.exe: • http://username:password@www.cisco.com/go/vpn/vpnclient-4.6.exe • https://username:password@www.cisco.com/go/vpn/vpnclient-4.6.exe • ftp://username:password@www.cisco.com/go/vpn/vpnclient-4.6.exe • tftp://username.../go/vpn/vpnclient-4.6.exe • cns: • xmodem: • ymodem: • null: OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 13-19 Table 13-16 Add a RADIUS Server Fields Element Client Type URL Description Enter a ...
User Guide
Page 370
...be configured on the clients who are members of the group name. 14-4 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 PKI-based user policy download Check PKI-based user policy download if you want this window, and you can create user groups that each have... User Policies You can select them to the client during mode configuration. This option is displayed under the following conditions: • The router runs a Cisco IOS 12.4(4)T or later image. • You choose digital certificate authentication in the IKE policy configuration. • You choose RADIUS or...
User Guide
Page 374
...(SA) lifetime is displayed under the following conditions: • The router runs a Cisco IOS 12.4(4)T or later image. • You choose digital certificate authentication in this option if you want the Easy VPN server to download user-specific attributes from 10 to DPD messages, the connection with it...Add or Edit Easy VPN Server: IPSec Tab Enter the information to maintain the connection. Description Click Dead Peer Discovery to enable the router to send dead peer detection (DPD) messages to the client during mode configuration. Check this dialog. The Easy VPN server obtains the ...
User Guide
Page 438
...you want the Easy VPN server to the client during mode configuration. This option is displayed under the following conditions: • The router runs a Cisco IOS 12.4(4)T or later image. • You choose digital certificate authentication in the IKE policy configuration. • You choose RADIUS or... if you are adding or editing. 18-12 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 Internet Key Exchange (IKE) Chapter 18 Internet Key Exchange Table 18-1 Add or Edit IKE Profile Fields Element Download user attributes from the RADIUS server and push them...
User Guide
Page 454
OCSP URL Enabled when OCSP is not available, the certificate will be accepted. • Optional-Check the CRL only if it has already been downloaded to the cache as a part of the OCSP server that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adelman. Verification One of... URL only if the certificate supports X.500 DN. CRL Query URL Enabled when CRL is located. To use the RSA system, a network host 19-16 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 CRL Query URL Enter the URL where the certificate revocation list is selected.
User Guide
Page 479
...Internet-enabled location using only a web browser and its native SSL encryption. Cisco SDM supports all three. This mode is described below: • Clientless SSL VPN... SSL VPN-Full tunnel client mode offers extensive application support through its dynamically downloaded SSL VPN client software for Cisco IOS SSL VPN, we delivers a lightweight, centrally configured and easy-to-...mode is useful for IPsec VPN connections. Cisco Router and Security Device Manager 2.5 User's Guide 21-1 21 C H A P T E R Cisco IOS SSL VPN OL-4015-12 Cisco IOS SSL VPN provides Secure Socket Layer...
User Guide
Page 491
...Thin Client (Port Forwarding) Remote workstations must choose at least one feature to configure advanced services in this window. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 21-13 You must sometimes run client applications in order to use. Select the SSL VPN... Transfer Protocol (SMTP) servers may require workstations to run client applications to be downloaded along with the portal so that a remote workstation can communicate with from this list. Chapter 21 Cisco IOS SSL VPN Creating an SSL VPN Connection WINS servers This area displays the ...
User Guide
Page 493
... full tunnel client software must download the full tunnel software and obtain an IP address from . Chapter 21 Cisco IOS SSL VPN Creating an SSL VPN Connection Full Tunnel Full tunnel clients must be sufficient memory in router flash for Cisco SDM to install it after they establish communication with Cisco SDM, the path to it automatically...
User Guide
Page 494
... password will start with diskn or slotn. If this field is empty, you must locate the install bundle so that Cisco SDM can load it can use . If your router's primary device is loaded in order to you see will be e-mailed to you to the following procedure to it...the bottom of any Cisco.com webpage and provide the information asked for Cisco SDM so that you . 21-16 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 Creating an SSL VPN Connection Chapter 21 Cisco IOS SSL VPN Example 21-1 Full Tunnel Package Installed on the Download latest... link at ...
User Guide
Page 495
... to the install bundle is displayed, and navigate to download the software from that is in the Select Location window that location. button to the right of the Location field, choose My Computer in that you placed the file. Cisco SDM places the router file system or PC path you specified in the window...
User Guide
Page 496
.... Your userid and password will start with Cisco SDM, the path to you see will be e-mailed to it onto the router primary device, or download the software install bundle from Cisco.com by clicking Finish. If this field is a disk or a slot, the path that you . 21-18 Cisco Router and Security Device Manager 2.5 User's Guide...
User Guide
Page 507
..., click NETBIOS Name Server Lists in this group. This option is configured. To verify the contents of this screen. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 21-29 Field Reference Table 21-4 describes the fields in the SSL VPN Context tree and click... to these users. View To examine the port forwarding list you have logged on. Automatically Download Applet The Automatically Download Applet option causes the Thin Client applet to be downloaded automatically to download and use for members of a WINS server list, choose the list and click View. ...
User Guide
Page 508
...group to remain on client's PC Checkbox Check if you do not check this checkbox, clients download the software each time they have logged off. Editing SSL VPN Connections Chapter 21 Cisco IOS SSL VPN Note You must specify the location of the Full Tunnel client software by ...opened with the gateway. ACL to require Full Tunnel connections, choose Required. Enable Full Tunnel connections by clicking Packages in this group. 21-30 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 Renegotiate Key field Enter the number of the pool, or click the ... Keep full...
User Guide
Page 515
...the user portal to modify existing gateways and configure new ones. For example, if a URL list provides access to download and use Cisco Secure Desktop. Context: Cisco Secure Desktop Cisco Secure Desktop encrypts cookies, browser history files, temporary files, and e-mail attachments that could create security problems if left ... of the links in service. It shows the name and IP address of the gateway, the number of the gateway. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 21-37 The gateway is enabled and in the list. Use the Add button to create a...
User Guide
Page 517
... one by clicking on the router. Note Access to you don't have been loaded onto the router, the window displays name, version, and build date information about the package. If you . button in the window to download the install bundles from Cisco.com to router flash. You can also use... this tool. Packages This window enables you need to the download site. You can also enable and disable the gateway from your PC or...
User Guide
Page 522
The The URL list with the heading Taiwan will be displayed in . Client PCs will download Full Tunnel client software when they log in the Cisco IOS SSL VPN Contexts window when the user completes the wizard. SSL VPN Passthrough Configuration Window User checks Allow SSL VPN...No advanced options are the members of this router. Cisco SDM configures the HTTP display settings with the following entry. The user can customize the HTTP display settings in uses these settings. permit tcp any host 172.16.5.5 eq 443 21-44 Cisco Router and Security Device Manager 2.5 User's Guide OL...
User Guide
Page 525
...members of the group. Chapter 21 Cisco IOS SSL VPN Additional Help Topics When the client's browser connects to the gateway router, a portal applet is a member of. If you have been given, the router must determine which policy group Bob Smith is downloaded to determine which you must configure at...is a member of users for the users included in those policies. When a remote user enters the Cisco IOS SSL VPN URL they must be configured with the proper information OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 21-47 If a AAA server is sent to log in...