Configuring ipsec tunnel-group general attributes, Configuring remote-access connection profiles – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Default IPsec Remote Access Connection Profile Configuration

The contents of the default remote-access connection profile are as follows:

tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 no ipv6-address-pool
 authentication-server-group LOCAL
 accounting-server-group RADIUS
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no strip-realm
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 authorization-dn-attributes CN OU
tunnel-group DefaultRAGroup webvpn-attributes
 hic-fail-group-policy DfltGrpPolicy
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 dns-group DefaultDNS
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 1500 retry 2
 no radius-sdi-xauth
 isakmp ikev1-user-authentication xauth
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
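
One way to check a device against the documented defaults above is to parse its tunnel-group blocks and compare them section by section. The following is an added example, not part of the Cisco guide: the function names and the modified running configuration are constructed for illustration, and the parser assumes the leading-space indentation that the ASA uses for sub-commands.

```python
# Two sections of the documented DefaultRAGroup defaults, copied from the listing above.
BASELINE = """\
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 1500 retry 2
 no radius-sdi-xauth
 isakmp ikev1-user-authentication xauth
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
"""
# Constructed running config: PAP enabled, keepalive changed, unrelated block appended.
RUNNING = (BASELINE.replace(" no authentication pap", " authentication pap")
           .replace("threshold 1500", "threshold 300")
           + "interface Vlan1\n nameif inside\n")

def parse_tunnel_groups(text):
    """Return {(group, section): set of sub-commands} for tunnel-group blocks."""
    blocks, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        words = line.split()
        if line.startswith("tunnel-group ") and len(words) >= 3:
            current = (words[1], words[2])
            blocks.setdefault(current, set())
            if words[3:]:  # one-line form such as "type remote-access"
                blocks[current].add(" ".join(words[3:]))
        elif line[0].isspace() and current:
            blocks[current].add(" ".join(words))
        else:
            current = None  # any other top-level command closes the block
    return blocks

def drift(baseline, running):
    """Per baseline section: (commands missing from running, commands added)."""
    report = {}
    for key, want in baseline.items():
        have = running.get(key, set())
        if want != have:
            report[key] = (sorted(want - have), sorted(have - want))
    return report

print(drift(parse_tunnel_groups(BASELINE), parse_tunnel_groups(RUNNING)))
```

Sections that are absent from the baseline are ignored, so extending the baseline text to the full listing widens the check without code changes.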

Configuring IPsec Tunnel-Group General Attributes

The general attributes are common across more than one tunnel-group type. IPsec remote access and
clientless SSL VPN tunnels share most of the same general attributes. IPsec LAN-to-LAN tunnels use a
subset. Refer to the command reference for complete descriptions of all commands. The following
sections describe, in order, how to configure remote-access and LAN-to-LAN connection profiles.

Configuring Remote-Access Connection Profiles

Use a remote-access connection profile when setting up a connection between the following remote
clients and a central-site ASA:

- Legacy Cisco VPN Client (connecting with IPsec/IKEv1)
- AnyConnect Secure Mobility Client (connecting with SSL or IPsec/IKEv2)
- Clientless SSL VPN (browser-based connecting with SSL)
