Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Step 3

Specify the name of the authorization-server group, if any, to use. When you configure this value, users
must exist in the authorization database to connect:

hostname(config-tunnel-general)# authorization-server-group groupname

hostname(config-tunnel-general)#

The name of the authorization server group can be up to 16 characters long. For example, the following
command specifies the use of the authorization-server group FinGroup:

hostname(config-tunnel-general)# authorization-server-group FinGroup

hostname(config-tunnel-general)#

Step 4

Specify the name of the accounting-server group, if any, to use:

hostname(config-tunnel-general)# accounting-server-group groupname

hostname(config-tunnel-general)#

The name of the accounting server group can be up to 16 characters long. For example, the following
command specifies the use of the accounting-server group named comptroller:

hostname(config-tunnel-general)# accounting-server-group comptroller

hostname(config-tunnel-general)#

Step 5

Specify the name of the default group policy:

hostname(config-tunnel-general)# default-group-policy policyname

hostname(config-tunnel-general)#

The name of the group policy can be up to 64 characters long. The following example sets DfltGrpPolicy
as the name of the default group policy:

hostname(config-tunnel-general)# default-group-policy DfltGrpPolicy

hostname(config-tunnel-general)#

Step 6

Specify the names or IP addresses of the DHCP servers (up to 10 servers) and the names of the DHCP
address pools (up to 6 pools). The defaults are no DHCP server and no address pool. The dhcp-server
command lets you configure the security appliance to send additional options to the specified
DHCP servers when it requests IP addresses for VPN clients. See the dhcp-server command in
the Cisco Security Appliance Command Reference guide for more information.

hostname(config-tunnel-general)# dhcp-server server1 [...server10]

hostname(config-tunnel-general)# address-pool [(interface name)] address_pool1 [...address_pool6]

hostname(config-tunnel-general)#

Note

If you specify an interface name, you must enclose it within parentheses.

You configure address pools with the ip local pool command in global configuration mode.

Step 7

Specify the name of the NAC authentication server group, if you are using Network Admission Control,
to identify the group of authentication servers to be used for Network Admission Control posture
validation. Configure at least one Access Control Server to support NAC. Use the aaa-server command
to name the ACS group. Then use the nac-authentication-server-group command, using the same name
for the server group.

The following example identifies acs-group1 as the authentication server group to be used for NAC
posture validation:

hostname(config-group-policy)# nac-authentication-server-group acs-group1

hostname(config-group-policy)#
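
Added example (not part of the Cisco guide): a Python check that audits a saved configuration against the limits stated in Steps 3 through 6 and confirms that every referenced server group and address pool is actually defined. The sample configuration, its names and its addresses are constructed; the script assumes the indented stanza layout of saved configuration text and counts each argument after dhcp-server as one server.

```python
import re

# Limits stated in Steps 3-6 of this section.
NAME_MAX = {"authorization-server-group": 16, "accounting-server-group": 16,
            "default-group-policy": 64}
COUNT_MAX = {"dhcp-server": 10, "address-pool": 6}
AAA_REFS = ("authorization-server-group", "accounting-server-group",
            "nac-authentication-server-group")

# Constructed sample configuration (names and addresses are made up).
SAMPLE = """\
aaa-server FinGroup protocol radius
ip local pool pool1 192.0.2.10-192.0.2.50 mask 255.255.255.0
tunnel-group sales general-attributes
 authorization-server-group FinGroup
 accounting-server-group comptroller
 default-group-policy DfltGrpPolicy
 address-pool (inside) pool1 pool2
"""

def audit(config):
    """Return findings for an ASA configuration supplied as text."""
    aaa = set(re.findall(r"^aaa-server (\S+) protocol ", config, re.M))
    pools = set(re.findall(r"^ip local pool (\S+) ", config, re.M))
    findings, stanza, counts = [], "", {}
    for raw in config.splitlines():
        if raw and not raw[0].isspace():  # unindented line opens a stanza
            stanza, counts = raw.strip(), {}
            continue
        cmd, _, rest = raw.strip().partition(" ")
        args = rest.split()
        if not args:
            continue
        if cmd in NAME_MAX and len(args[0]) > NAME_MAX[cmd]:
            findings.append(f"{stanza}: {cmd} name longer than {NAME_MAX[cmd]} characters")
        if cmd in AAA_REFS and args[0] not in aaa:
            findings.append(f"{stanza}: {cmd} {args[0]} has no aaa-server definition")
        if cmd == "address-pool":
            # Drop the optional interface name, which is enclosed in parentheses.
            args = re.sub(r"^\s*\([^)]*\)", "", rest).split()
            findings += [f"{stanza}: address pool {p} has no ip local pool definition"
                         for p in args if p not in pools]
        if cmd in COUNT_MAX:
            counts[cmd] = counts.get(cmd, 0) + len(args)
            if counts[cmd] > COUNT_MAX[cmd] >= counts[cmd] - len(args):
                findings.append(f"{stanza}: more than {COUNT_MAX[cmd]} {cmd} entries")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, the audit reports that the accounting-server group comptroller and the address pool pool2 are referenced but never defined.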
