Additional Help Topics
Cisco IOS SSL VPN Policies
Example
Cisco Router and Security Device Manager 2.5 User's Guide
another reachable IP address if one is available. Either a digital certificate or a
self-signed certificate must be configured for gateways to use. All gateways on the
router can use the same certificate.
Although one gateway can serve multiple Cisco IOS SSL VPN contexts, resource
constraints and IP address reachability must be taken into account.
Cisco IOS SSL VPN group policies allow you to accommodate the needs of
different groups of users. A group of engineers working remotely needs access to
different network resources than sales personnel working in the field. Business
partners and outside vendors must access the information they need to work with
your organization, but you must ensure that they do not have access to confidential
information or other resources they do not need. Creating a different policy for
each of these groups allows you to provide remote users with the resources they
need, and to prevent them from accessing other resources.
When you configure a group policy, resources such as URL lists, Port Forwarding
lists, and NetBIOS name server lists configured for the policy's associated context
are available for selection.
If there is more than one group policy configured on the router, you must
configure the router to use a AAA server to authenticate users and to determine
which policy group a particular user belongs to. Click Learn More About Group
Policies for more information.
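
The two rules above (more than one group policy requires AAA, and a policy selects only resources configured in its own context) can be checked offline against a saved configuration. The following is an added example, not part of the Cisco guide or of Cisco SDM. The `webvpn context`, `policy group`, `url-list`, `port-forward`, `nbns-list` and `aaa authentication` keywords and the indentation layout are assumed IOS CLI forms that do not appear on this page, and the configuration text is constructed.

```python
import re
from collections import defaultdict
# Constructed sample in the style of an IOS running-config; not from the guide.
SAMPLE = '''\
webvpn context corp
 url-list "eng-tools"
 port-forward "eng-ports"
 policy group engineers
   url-list "eng-tools"
   port-forward "eng-ports"
 policy group partners
   url-list "hr-portal"
 default-group-policy partners
webvpn context lab
 url-list "lab-links"
 policy group lab-users
   url-list "lab-links"
'''
RESOURCE = re.compile(r'(url-list|port-forward|nbns-list) "?([^"\s]+)"?')

def audit(config):
    """Return (context, finding) pairs for every 'webvpn context' block."""
    defined = defaultdict(set)  # context -> resources defined in it
    groups = defaultdict(dict)  # context -> {policy group: resources it uses}
    has_aaa = set()             # contexts with an 'aaa authentication' line
    ctx = grp = None
    for line in config.splitlines():
        indent, text = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:  # top-level command: enter or leave a context
            ctx = text.split(None, 2)[2] if text.startswith("webvpn context ") else None
            grp = None
        elif ctx and indent == 1:  # context-level command
            grp = None
            if text.startswith("policy group "):
                grp = text.split()[2]
                groups[ctx][grp] = set()
            elif text.startswith("aaa authentication "):
                has_aaa.add(ctx)
            elif m := RESOURCE.fullmatch(text):
                defined[ctx].add(m.groups())
        elif ctx and grp and (m := RESOURCE.fullmatch(text)):
            groups[ctx][grp].add(m.groups())  # resource attached to the group
    findings = []
    for c, gs in groups.items():
        if len(gs) > 1 and c not in has_aaa:
            findings.append((c, "multiple policy groups but no AAA list"))
        for g, used in gs.items():
            for kind, name in sorted(used - defined[c]):
                findings.append((c, f"group {g} references undefined {kind} {name}"))
    return findings
```

Calling `audit(SAMPLE)` reports the `corp` context twice and leaves the single-policy `lab` context alone.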
In this example, a user clicks Create a new SSL VPN and uses the wizard to
create the first Cisco IOS SSL VPN configuration on the router. Completing this
wizard creates a new context, gateway, and group policy. The following table
contains the information the user enters in each wizard window, and the
configuration that Cisco SDM creates with that information.
Chapter 21
Cisco IOS SSL VPN
OL-4015-12