Cisco SA520-K9 Administration Guide - Page 161

Configuring VPN Configuring SSL VPN for Browser-Based Remote Access 7 • When two policies are in conflict, a more specific policy takes precedence over a general policy. For example, a policy for a specific IP address takes precedence over a policy for a range of addresses that includes this IP address. A policy can be offered to the VPN Tunnel, Port Forwarding, or both. After you define a policy, it goes into effect immediately. However, if Remote Management (RMON) is not enabled, SSL VPN access will be blocked. See RMON (Remote Management), page 197. If you are creating a policy that applies to a network resource, you first need to configure a record for the network resource. See Specifying the Network Resources for SSL VPN, page 163. STEP 1 Click VPN > SSL VPN Server > SSL VPN Policies. The SSL VPN Policies window opens. STEP 2 In the Query area, choose which policies to display in the List of SSL VPN Policies table. • View List of SSL VPN Policies for: Choose Global for all users, Group for a particular group, or User for a particular user. • Available Groups: If you chose Group as the query type, choose the name from this list. • Available Users: If you chose User as the query type, choose the name from this list. • Click Display to run the query. STEP 3 To add an SSL VPN policy, click Add. Other options: Click the Edit button to edit an entry. To delete an entry, check the box and then click Delete. To select all entries, check the box in the first column of the table heading. After you click Add or Edit, the SSL VPN Policy Configuration window opens. STEP 4 In the Policy For area, enter the following information: • Policy For: Choose the type of policy: Global, Group, or User. If you choose Group, also choose the group from the Available Groups list. If you choose User, also choose the user from the Available Users list. Cisco SA500 Series Security Appliances Administration Guide 161