-
Using Management Center for Firewalls 1.2
-
Preface
-
Getting Started With Firewall MC
-
Task Flow Checklists
-
Preparing the Firewall MC Environment
-
Managing Activities
-
Preparing Your Network
-
Creating an Inheritance and Grouping Strategy
-
Representing Network Assets in Firewall MC
-
Configuring Device-Level Settings
-
Configuring Routing Rules
-
Defining Your Policy Building Blocks
-
Configuring Access Rules
-
Configuring Translation Rules
-
Manually Defining Rules Using CLI Syntax
-
Generating and Verifying Configuration Files
-
Deploying Configuration Files
-
Monitoring and Reports
-
Configuring VPN Settings
-
Configuring Failover
-
Maintaining your Firewall MC Server
-
Troubleshooting
-
Understanding User Roles and Permissions
-
Index
-
Table of Contents
Configuring VPN SettingsConfiguring Easy VPN Remote
Configuring Easy VPN Management
Configuring VPN Settings
Firewall MC provides the following features for configuring Easy VPN Remote (vpnclient command) on a PIX Firewall:
- Easy VPN Remote—allows you to configure a PIX Firewall to operate as a Cisco Secure VPN client. See Configuring Easy VPN Remote.
- Easy VPN Management—allows you to control remote management access to your PIX Firewall. See Configuring Easy VPN Management.
Configuring Easy VPN Remote
The Easy VPN Remote feature allows you to configure a PIX Firewall to operate as a Cisco Secure VPN client, thus providing a VPN connection to an Easy VPN Server. To access this feature, select Configuration > Device Settings > Servers and Services > Easy VPN Remote.
Applying Easy VPN Remote Settings
Step 1 Select Configuration > Device Settings > Servers and Services > Easy VPN Remote.
The Easy VPN Remote page appears.
Step 2 Select the Enable Easy VPN Remote check box to instruct the PIX Firewall to operate as a Cisco Secure VPN client.
Step 3 Enter the primary Cisco Easy VPN Server (concentrator) IP address to which the VPN client connects.
Step 4 Enter one or more secondary Cisco Easy VPN Server (concentrator) IP addresses to which the VPN client connects when the primary Cisco Easy VPN Server is unavailable.
Step 5 Enter the name of the VPN group that is configured on the Cisco Easy VPN Server. Maximum length is 63 alphanumeric characters.
Step 6 Enter the group password, which is an arbitrary string of characters used to prevent unauthorized access to a group of associated resources.
Step 7 Reenter the group password in the Confirm Group Password field.
Step 8 Enter the username to use for authentication. Maximum length is 127 characters.
Step 9 Enter the user password.
Step 10 Reenter the user password in the Confirm User Password field.
Step 11 Select the mode by clicking the appropriate radio button. See Easy VPN Remote Field-Level Elements and Descriptions.
Step 12 To exempt certain devices from user authentication, enter the MAC address and mask for those devices in the MAC Exempt Addresses and Masks field.
Enter MAC addresses and their respective masks in pairs. Use a space to separate the MAC address and the mask and a comma to separate information for multiple devices. Use one of the following formats:
For example, 0090.0C7A.0050 ffff.ffff.ffff, 00:72:34:a3:09:c4 ff:ff:ff:ff:ff:ff.
 |
Note If you enter a MAC address or mask using any of the formats other than xxxx.xxxx.xxxx, Firewall MC converts the MAC address or mask to the xxxx.xxxx.xxxx format when you click Apply. |
Step 13 Click Apply.
Changes are applied to the assigned firewall device configuration files when the files are generated. The configuration files are then downloaded to the firewall devices at deployment.
Easy VPN Remote Field-Level Elements and Descriptions
|
Configuring Easy VPN Management
PIX Firewall OS version 6.3 introduces a feature that improves administrative security by letting you identify the networks from which your PIX Firewall can be managed remotely or by preventing remote management. The Easy VPN Management feature allows you to control remote management access to your PIX Firewall. To access this feature, select Configuration > Device Settings > Servers and Services > Easy VPN Management.
|
Note Only the default setting is supported for PIX Firewall OS versions earlier than 6.3. |
Applying Easy VPN Management Settings
Step 1 Select Configuration > Device Settings > Servers and Services > Easy VPN Management.
The Easy VPN Management page appears.
Step 2 Select the Enable Easy VPN Remote check box to instruct the firewall device to operate as a Cisco Secure VPN client.
Step 3 To select the Management Access Configuration mode, click the appropriate radio button. See Easy VPN Management Field-Level Elements and Descriptions.
|
Note If you select the Allow Access Via Tunnel Only radio button, the vpnclient management command will not exist in the configuration. This setting must be used for versions of the PIX Firewall OS that do not support the vpnclient management command. |
- To allow specific hosts to manage this device remotely without using a VPN tunnel and any host to manage this device remotely by using a VPN tunnel:
-
- Select Allow These Hosts to Remote Manage.
- Enter the IP address and subnet mask of the hosts that can manage this device remotely. Use a slash (/) to separate the IP address and subnet mask and a comma to separate information for multiple hosts (for example,
192.168.1.1/255.255.255.0, 192.168.2.1/24). If you do not specify a subnet mask, Firewall MC applies a host mask (/32).
- To not require a VPN tunnel for management access to this device, select Allow Clear Management Access.
Step 4 Click Apply.
Changes are applied to the assigned firewall device configuration files when the files are generated. The configuration files are then downloaded to the firewall devices at deployment.
Easy VPN Management Field-Level Elements and Descriptions
|