Specifying the tunnel group, Specifying the trustpoint – Cisco ASA 5505 User Manual


71-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 71 Configuring Easy VPN Services on the ASA 5505

Specifying the Tunnel Group or Trustpoint

Specifying the Tunnel Group

Enter the following command in global configuration mode to specify the name of the VPN tunnel group
and password for the Easy VPN client connection to the server:

vpnclient vpngroup group_name password preshared_key

group_name is the name of the VPN tunnel group configured on the Easy VPN server. You must
configure this tunnel group on the server before establishing a connection.

preshared_key is the IKE pre-shared key used for authentication on the Easy VPN server.

For example, enter the following command to identify the VPN tunnel group named TestGroup1 and the
IKE preshared key my_key123:

hostname(config)# vpnclient vpngroup TestGroup1 password my_key123

hostname(config)#

To remove the attribute from the running configuration, enter the following command:

no vpnclient vpngroup

If the configuration of the ASA 5505 running as an Easy VPN client does not specify a tunnel group, the
client attempts to use an RSA certificate.

For example:

hostname(config)# no vpnclient vpngroup

hostname(config)#

Specifying the Trustpoint

A trustpoint represents a CA identity, and possibly a device identity, based on a certificate the CA issues.
These parameters specify how the ASA obtains its certificate from the CA and define the authentication
policies for user certificates issued by the CA.

First define the trustpoint using the crypto ca trustpoint command, as described in the “Configuring
Trustpoints” section on page 41-10. Then enter the following command in global configuration mode to
name the trustpoint identifying the RSA certificate to use for authentication:

vpnclient trustpoint trustpoint_name [chain]

trustpoint_name names the trustpoint identifying the RSA certificate to use for authentication.

(Optional) chain sends the entire certificate chain.

For example, enter the following command to specify the identity certificate named central and send the
entire certificate chain:

hostname(config)# crypto ca trustpoint central

hostname(config)# vpnclient trustpoint central chain

hostname(config)#

To remove the attribute from the running configuration, enter the following command:

no vpnclient trustpoint
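The following is an added example, not part of the Cisco guide: a small Python audit that reads an ASA running-config fragment and reports which Easy VPN client authentication path the two commands on this page select, a tunnel group with a pre-shared key (vpnclient vpngroup) or an RSA certificate named by a trustpoint (vpnclient trustpoint). It also flags the two gaps the text implies: a trustpoint referenced by vpnclient trustpoint that was never defined with crypto ca trustpoint, and a client with no tunnel group and no trustpoint, which the guide says will attempt certificate authentication with no certificate named. The config fragments are constructed samples, and audit_easyvpn_client and EasyVpnAuth are hypothetical helper names.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample running-config fragments (not taken from the guide).
CONFIG_PSK = """\
hostname asa5505-branch
crypto ca trustpoint central
 enrollment terminal
vpnclient vpngroup TestGroup1 password my_key123
vpnclient server 192.0.2.10
"""

CONFIG_CERT = """\
hostname asa5505-branch
crypto ca trustpoint central
 enrollment terminal
vpnclient trustpoint central chain
vpnclient server 192.0.2.10
"""

# Trustpoint referenced but never defined with "crypto ca trustpoint".
CONFIG_DANGLING = """\
hostname asa5505-branch
vpnclient trustpoint central
vpnclient server 192.0.2.10
"""

# Neither a tunnel group nor a trustpoint: client would try RSA with nothing named.
CONFIG_NONE = """\
hostname asa5505-branch
vpnclient server 192.0.2.10
"""

VPNGROUP_RE = re.compile(r"^vpnclient vpngroup (\S+) password (\S+)\s*$")
TRUSTPOINT_RE = re.compile(r"^vpnclient trustpoint (\S+)( chain)?\s*$")
CA_TRUSTPOINT_RE = re.compile(r"^crypto ca trustpoint (\S+)\s*$")


@dataclass
class EasyVpnAuth:
    """Hypothetical audit record for the Easy VPN client authentication setup."""
    mode: str                      # "group-psk", "rsa-cert" or "none"
    group: Optional[str] = None
    trustpoint: Optional[str] = None
    chain: bool = False
    findings: List[str] = field(default_factory=list)


def audit_easyvpn_client(config: str) -> EasyVpnAuth:
    """Classify the Easy VPN client auth path selected by a running-config fragment."""
    group = None
    trustpoint = None
    chain = False
    defined_trustpoints = set()

    for line in config.splitlines():
        if m := VPNGROUP_RE.match(line):
            group = m.group(1)
        elif m := TRUSTPOINT_RE.match(line):
            trustpoint, chain = m.group(1), m.group(2) is not None
        elif m := CA_TRUSTPOINT_RE.match(line):
            defined_trustpoints.add(m.group(1))

    if group is not None:
        # A tunnel group means group name + IKE pre-shared key authentication.
        result = EasyVpnAuth("group-psk", group=group, trustpoint=trustpoint, chain=chain)
        result.findings.append(
            f"tunnel group {group}: IKE pre-shared key is stored in the running config; "
            "treat config backups as secret material")
        if trustpoint is not None:
            result.findings.append(
                f"vpnclient trustpoint {trustpoint} is also set; confirm which method is intended")
        return result

    if trustpoint is not None:
        # No tunnel group: the client uses the RSA certificate named by the trustpoint.
        result = EasyVpnAuth("rsa-cert", trustpoint=trustpoint, chain=chain)
        if trustpoint not in defined_trustpoints:
            result.findings.append(
                f"trustpoint {trustpoint} referenced but not defined "
                f"with 'crypto ca trustpoint {trustpoint}'")
        return result

    # No tunnel group and no trustpoint: the guide says the client will attempt
    # RSA certificate authentication, but no certificate has been named.
    return EasyVpnAuth("none", findings=[
        "no vpnclient vpngroup: client attempts RSA certificate authentication, "
        "but no vpnclient trustpoint names a certificate"])


if __name__ == "__main__":
    for name, cfg in (("psk", CONFIG_PSK), ("cert", CONFIG_CERT),
                      ("dangling", CONFIG_DANGLING), ("none", CONFIG_NONE)):
        r = audit_easyvpn_client(cfg)
        print(f"{name}: mode={r.mode} group={r.group} trustpoint={r.trustpoint} chain={r.chain}")
        for f in r.findings:
            print(f"  finding: {f}")
```

Run it against an exported running configuration (for example the output of show running-config saved to a file) by passing the file contents to audit_easyvpn_client; a mode of "none" or a "not defined" finding is the case to fix before expecting the client to connect.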

For example:
