Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring User Attributes

You configure ACLs to permit or deny various types of traffic for this user. You then use the vpn-filter
command to apply those ACLs.

hostname(config-username)# vpn-filter {value ACL_name | none}

hostname(config-username)# no vpn-filter

hostname(config-username)#

Note

Clientless SSL VPN does not use ACLs defined in the vpn-filter command.

The following example shows how to set a filter that invokes an access list named acl_vpn for the user
named anyuser:

hostname(config)# username anyuser attributes

hostname(config-username)# vpn-filter value acl_vpn

hostname(config-username)#

Specifying the IP Address and Netmask

Specify the IP address and netmask to assign to a particular user. To remove the IP address, enter the no
form of this command.

hostname(config-username)# vpn-framed-ip-address {ip_address}

hostname(config-username)# no vpn-framed-ip-address

hostname(config-username)#

The following example shows how to set an IP address of 10.92.166.7 for a user named anyuser:

hostname(config)# username anyuser attributes

hostname(config-username)# vpn-framed-ip-address 10.92.166.7

hostname(config-username)#

Specify the network mask to use with the IP address specified in the previous step. If you used the
no vpn-framed-ip-address command, do not specify a network mask. To remove the subnet mask, enter
the no form of this command. There is no default behavior or value.

hostname(config-username)# vpn-framed-ip-netmask {netmask}

hostname(config-username)# no vpn-framed-ip-netmask

hostname(config-username)#

The following example shows how to set a subnet mask of 255.255.255.254 for a user named anyuser:

hostname(config)# username anyuser attributes

hostname(config-username)# vpn-framed-ip-netmask 255.255.255.254

hostname(config-username)#

Specifying the Tunnel Protocol

Specify the VPN tunnel types (IPsec or clientless SSL VPN) that this user can use. The default is taken
from the default group policy, the default for which is IPsec. To remove the attribute from the running
configuration, enter the no form of this command.

hostname(config-username)# vpn-tunnel-protocol {webvpn | IPsec}

hostname(config-username)# no vpn-tunnel-protocol [webvpn | IPsec]

hostname(config-username)#
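
A check over the per-user attributes covered in this section, as an added example that is not part of the Cisco guide: it parses a running-config excerpt and flags users whose vpn-filter is absent or names an undefined ACL, whose filter goes unused because the user is clientless-only, or whose framed IP address and netmask are not set together. The sample configuration, function names and finding codes are assumptions made for illustration.

```python
# Constructed running-config excerpt (not from the manual). Assumes attribute
# lines are indented under "username NAME attributes", in the forms shown above.
SAMPLE_CONFIG = """\
access-list acl_vpn extended permit tcp host 10.92.166.7 host 10.1.1.10 eq 443
username anyuser attributes
 vpn-filter value acl_vpn
 vpn-framed-ip-address 10.92.166.7
 vpn-framed-ip-netmask 255.255.255.0
username contractor attributes
 vpn-filter value acl_missing
 vpn-framed-ip-address 10.92.166.8
username kiosk attributes
 vpn-filter value acl_vpn
 vpn-tunnel-protocol webvpn
username legacy attributes
 vpn-filter none
"""

def parse_config(text):  # -> (defined ACL names, {username: {command: [args]}})
    acls, users, current = set(), {}, None
    for line in text.splitlines():
        words = line.split()
        if line.startswith(" ") and words and current is not None:
            current[words[0]] = words[1:]
            continue
        current = None  # a top-level line closes any open attribute block
        if words[:1] == ["access-list"] and len(words) > 1:
            acls.add(words[1])
        elif len(words) == 3 and words[0] == "username" and words[2] == "attributes":
            current = users.setdefault(words[1], {})
    return acls, users

def audit_user(attrs, acls):
    """Return sorted finding codes for one user's attribute block."""
    findings = set()
    flt = attrs.get("vpn-filter", ["none"])
    acl = flt[1] if flt[:1] == ["value"] and len(flt) > 1 else None
    if acl is None:
        findings.add("no-user-filter")        # "none" or not set for this user
    elif acl not in acls:
        findings.add("filter-acl-undefined")  # names an ACL the config lacks
    elif attrs.get("vpn-tunnel-protocol") == ["webvpn"]:
        findings.add("filter-unused-by-clientless")  # per the Note on vpn-filter
    if ("vpn-framed-ip-address" in attrs) != ("vpn-framed-ip-netmask" in attrs):
        findings.add("ip-netmask-mismatch")   # address and mask belong together
    return sorted(findings)

def audit(text):
    acls, users = parse_config(text)
    return {name: audit_user(attrs, acls) for name, attrs in users.items()}
```

Calling audit(SAMPLE_CONFIG) returns a dictionary of finding codes keyed by username; an empty list means the user's block passed every check.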
