Default group policy – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Group Policies

Hardware client settings

Filters

Client configuration settings

Connection settings

Default Group Policy

The ASA supplies a default group policy. You can modify this default group policy, but you cannot delete
it. A default group policy, named DfltGrpPolicy, always exists on the ASA, but this default group policy
does not take effect unless you configure the ASA to use it. When you configure other group policies,
any attribute that you do not explicitly specify takes its value from the default group policy. To view the
default group policy, enter the following command:

hostname(config)# show running-config all group-policy DfltGrpPolicy

hostname(config)#

To configure the default group policy, enter the following command:

hostname(config)# group-policy DfltGrpPolicy internal

hostname(config)#

Note

The default group policy is always internal. Despite the fact that the command syntax is
hostname(config)# group-policy DfltGrpPolicy {internal | external}, you cannot change its type
to external.

To change any of the attributes of the default group policy, use the group-policy attributes command
to enter attributes mode, then enter the commands for the attributes that you want to modify:

hostname(config)# group-policy DfltGrpPolicy attributes

Note

The attributes mode applies only to internal group policies.

The default group policy, DfltGrpPolicy, that the ASA provides is as follows:

show run all group-policy DfltGrpPolicy

group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 ipv6-vpn-filter none
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
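Because any attribute not set on a group policy takes its value from DfltGrpPolicy, a review of a custom policy has to resolve that inheritance before judging settings such as vpn-filter or vpn-tunnel-protocol. The following Python script is an added example, not part of the Cisco guide: it computes the effective attributes of a policy from saved configuration text. The SalesVPN policy, the SALES_ACL name and the sample configuration are constructed, and the parser assumes flat attribute lines like those shown on this page.

```python
# Added example: resolve the effective attributes of an ASA group policy.
# SAMPLE_CONFIG is constructed; "SalesVPN" and "SALES_ACL" are hypothetical names.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 banner none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
 group-lock none
group-policy SalesVPN internal
group-policy SalesVPN attributes
 vpn-filter value SALES_ACL
 vpn-tunnel-protocol ikev2
"""

DEFAULT = "DfltGrpPolicy"

def parse_group_policies(text):
    """Return {policy_name: {attribute: value}} from running-config text."""
    policies, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "group-policy" and len(words) >= 3:
            # "group-policy NAME internal" declares; "... attributes" opens the block
            policies.setdefault(words[1], {})
            current = words[1] if words[2] == "attributes" else None
        elif raw[0].isspace() and current:
            policies[current][words[0]] = " ".join(words[1:])
        else:
            current = None  # any other top-level line ends the block
    return policies

def effective_policy(policies, name):
    """Attributes not set on `name` take their value from DfltGrpPolicy."""
    merged = dict(policies.get(DEFAULT, {}))
    merged.update(policies[name])
    return merged

def inherited_attributes(policies, name):
    """Names of attributes `name` gets only through the default policy."""
    return sorted(set(policies.get(DEFAULT, {})) - set(policies[name]))

if __name__ == "__main__":
    pols = parse_group_policies(SAMPLE_CONFIG)
    for attr, value in sorted(effective_policy(pols, "SalesVPN").items()):
        origin = "inherited" if attr in inherited_attributes(pols, "SalesVPN") else "explicit"
        print(f"{attr:28} {value:20} ({origin})")
```

In the constructed sample, SalesVPN restricts the tunnel protocol and applies a filter explicitly, but still inherits vpn-session-timeout none and vpn-simultaneous-logins 3 from the default policy.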
