Cisco ASA 5505 User Manual


67-20

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Note

Before the authentication type can be set to hybrid, you must configure the authentication server,
create a preshared key, and configure a trustpoint.

For example, the following commands enable hybrid XAUTH for a connection profile called
example-group:

hostname(config)# tunnel-group example-group type remote-access
hostname(config)# tunnel-group example-group ipsec-attributes
hostname(config-tunnel-ipsec)# isakmp ikev1-user-authentication hybrid
hostname(config-tunnel-ipsec)#

Configuring Connection Profiles for Clientless SSL VPN Sessions

The tunnel-group general attributes for clientless SSL VPN connection profiles are the same as those for
IPsec remote-access connection profiles, except that the tunnel-group type is webvpn and the
strip-group and strip-realm commands do not apply. You define the attributes specific to clientless SSL
VPN separately. The following sections describe how to configure clientless SSL VPN connection
profiles:

Configuring General Tunnel-Group Attributes for Clientless SSL VPN Sessions, page 67-20

Configuring Tunnel-Group Attributes for Clientless SSL VPN Sessions, page 67-23

Configuring General Tunnel-Group Attributes for Clientless SSL VPN Sessions

To configure or change the connection profile general attributes, specify the parameters in the following
steps.

Step 1

To configure the general attributes, enter the tunnel-group general-attributes command, which enters
tunnel-group general-attributes configuration mode. Note that the prompt changes:

hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#

To configure the general attributes for TunnelGroup3, created in the previous section, enter the following
command:

hostname(config)# tunnel-group TunnelGroup3 general-attributes
hostname(config-tunnel-general)#

Step 2

Specify the name of the authentication-server group, if any, to use. If you want to use the LOCAL
database for authentication if the specified server group fails, append the keyword LOCAL:

hostname(config-tunnel-general)# authentication-server-group groupname [LOCAL]
hostname(config-tunnel-general)#

For example, to configure the authentication server group named test, and to provide fallback to the
LOCAL server if the authentication server group fails, enter the following command:

hostname(config-tunnel-general)# authentication-server-group test LOCAL
hostname(config-tunnel-general)#
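The following is an added worked example, not taken from the configuration guide, that carries Steps 1 and 2 through to a complete clientless SSL VPN connection profile, including the AAA server group the profile references and the LOCAL account that the fallback relies on. The server group name RADIUS-SRV, the host address 10.1.1.10, the group policy clientless-policy and the user helpdesk are assumed values for illustration.

```cisco
! Added example (not from the guide). Assumed names: RADIUS-SRV, 10.1.1.10,
! clientless-policy, helpdesk. Secrets are placeholders.
!
! 1. The AAA server group must exist before the tunnel-group references it.
aaa-server RADIUS-SRV protocol radius
aaa-server RADIUS-SRV (inside) host 10.1.1.10
 key <RADIUS-SHARED-SECRET-PLACEHOLDER>
 timeout 5
!
! 2. A LOCAL account the fallback can use if every server in the group is
!    unreachable. Keep such accounts few and strong: they are reachable from
!    the VPN login page whenever the fallback is active.
username helpdesk password <STRONG-PASSWORD-PLACEHOLDER> privilege 0
!
! 3. Group policy applied to sessions from this profile (clientless only).
group-policy clientless-policy internal
group-policy clientless-policy attributes
 vpn-tunnel-protocol ssl-clientless
!
! 4. The connection profile: type webvpn, then the general attributes
!    from Steps 1 and 2, with LOCAL fallback appended.
tunnel-group TunnelGroup3 type webvpn
tunnel-group TunnelGroup3 general-attributes
 authentication-server-group RADIUS-SRV LOCAL
 default-group-policy clientless-policy
!
! Verification. Fallback to LOCAL occurs only when the server group fails
! (servers unreachable); a credential the RADIUS server rejects is not
! retried against the LOCAL database.
show running-config tunnel-group TunnelGroup3
test aaa-server authentication RADIUS-SRV host 10.1.1.10 username helpdesk password <PASSWORD-PLACEHOLDER>
```

Run the test aaa-server command once with the RADIUS host reachable and once with it blocked to confirm which path authenticates the session; the syslog for the login records the server group that answered.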
