Mapping Certificates to IPsec or SSL VPN Connection Profiles
– Monitor Keepalives—Enables or disables IKE keepalive monitoring. Selecting this option makes available the Confidence Interval and Retry Interval fields.
– Confidence Interval—Specifies the IKE keepalive confidence interval. This is the number of seconds the adaptive security appliance should allow a peer to idle before beginning keepalive monitoring. The minimum is 10 seconds; the maximum is 300 seconds. The default for a remote access group is 300 seconds.
– Retry Interval—Specifies the number of seconds to wait between IKE keepalive retries. The default is 2 seconds.
– Head end will never initiate keepalive monitoring—Specifies that the central-site adaptive security appliance never initiates keepalive monitoring.
• Default Group Policy—Specifies the following group-policy attributes:
– Group Policy—Selects a group policy to use as the default group policy. The default value is DfltGrpPolicy.
– Manage—Opens the Configure Group Policies dialog box.
– IPsec Protocol—Enables or disables the use of the IPsec protocol for this connection profile.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode                Security Context
Routed      Transparent      Single      Multiple Context      Multiple System
•           —                •           —                     —
Add/Edit Tunnel Group > PPP
On the Add or Edit Tunnel Group dialog box for an IPsec remote access tunnel group, the PPP dialog box lets you configure or edit the authentication protocols permitted for a PPP connection. This dialog box applies only to IPsec remote access tunnel groups.
Fields
• CHAP—Enables the use of the CHAP protocol for a PPP connection.
• MS-CHAP-V1—Enables the use of the MS-CHAP-V1 protocol for a PPP connection.
• MS-CHAP-V2—Enables the use of the MS-CHAP-V2 protocol for a PPP connection.
• PAP—Enables the use of the PAP protocol for a PPP connection.
• EAP-PROXY—Enables the use of the EAP-PROXY protocol for a PPP connection. EAP refers to the Extensible Authentication Protocol.
Modes
The following table shows the modes in which this feature is available:
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 64
General VPN Setup
OL-20339-01
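An added example, not taken from the Cisco guide: a Python check over the CLI form of the PPP authentication and IKE keepalive settings described above (the tunnel-group ppp-attributes and ipsec-attributes sub-modes, used here as an assumption because the page covers only ASDM). It reports PAP and MS-CHAP-V1 where enabled, disabled keepalive monitoring, and a confidence interval outside the 10 to 300 second range. The group names, the sample configuration and the choice of protocols to flag are constructed for illustration.

```python
import re

# Assumed policy for this example: PAP sends the password in cleartext and
# MS-CHAP-V1 is cryptographically broken, so both are reported when enabled.
WEAK_PPP = {"pap", "ms-chap-v1"}
CONF_MIN, CONF_MAX = 10, 300  # confidence interval bounds stated in the guide

def audit(config_text):
    """Return sorted (tunnel_group, finding) tuples for an ASA-style config."""
    findings, group, section = [], None, None
    for raw in config_text.splitlines():
        m = re.match(r"tunnel-group (\S+) (ppp|ipsec)-attributes\s*$", raw)
        if m:
            group, section = m.group(1), m.group(2)
            continue
        if not raw.startswith(" "):
            group = section = None  # any unindented line leaves the sub-mode
            continue
        line = raw.strip()
        if section == "ppp":
            m = re.match(r"authentication (\S+)$", line)  # "no authentication x" is skipped
            if m and m.group(1) in WEAK_PPP:
                findings.append((group, f"weak PPP authentication enabled: {m.group(1)}"))
        elif section == "ipsec":
            if line == "isakmp keepalive disable":
                findings.append((group, "IKE keepalive monitoring disabled"))
            m = re.match(r"isakmp keepalive threshold (\d+) retry (\d+)$", line)
            if m and not CONF_MIN <= int(m.group(1)) <= CONF_MAX:
                findings.append((group, f"confidence interval {m.group(1)}s outside 10-300s"))
    return sorted(findings)

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
tunnel-group RA-L2TP ppp-attributes
 authentication pap
 no authentication chap
 authentication ms-chap-v2
tunnel-group RA-L2TP ipsec-attributes
 isakmp keepalive threshold 300 retry 2
tunnel-group LEGACY ppp-attributes
 authentication ms-chap-v1
tunnel-group LEGACY ipsec-attributes
 isakmp keepalive disable
"""

if __name__ == "__main__":
    for grp, finding in audit(SAMPLE_CONFIG):
        print(f"{grp}: {finding}")
```

Only lines that appear explicitly in the configuration text are evaluated, so settings left at their defaults and therefore absent from the file are not reported.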