Configuring Advanced Easy VPN Attributes
Step 8
Step 9
Configuring Advanced Easy VPN Attributes
Cisco ASA 5505 Getting Started Guide
5-8
Specify one or more Easy VPN servers from which this device obtains VPN
security policies.
In the Easy VPN server To Be Added area, enter the host name or IP address
a.
of an Easy VPN server.
Click Add or Remove to add or remove servers from the Easy VPN servers
b.
list.
The first server on the list is used as the primary server. Other servers on the
list provide redundancy. If you are using a Cisco VPN3002 VPN
Concentrator as the headend device, the concentrator can be configured to
balance the load across all servers in the list.
You can specify up to nine backup servers, for a total of ten servers.
Click Apply to push the configuration to the adaptive security appliance.
To save the configuration, click the Save button in the top toolbar.
You might need to perform some advanced configuration tasks if your network
meets any of the following conditions:
Your network includes devices that are incapable of performing
•
authentication, and therefore are incapable of participating in individual unit
authentication. Such devices include Cisco IP phones, printers, and the like.
To accommodate these devices, you can enable the device pass-through
feature.
Your ASA 5505 is operating behind a NAT device.
•
In this case, you must use tunneled management attributes to specify whether
device management should occur in the clear or through the tunnel and the
network or networks allowed to to manage the Easy VPN connection through
the tunnel.
The public address of the ASA 5505 is not accessible when behind the
Note
NAT device unless you add static NAT mappings on the NAT device.
Chapter 5
Scenario: Easy VPN Hardware Client Configuration
78-17612-01