Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
Default IPsec Remote Access Connection Profile Configuration
The contents of the default remote-access connection profile are as follows:
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 no ipv6-address-pool
 authentication-server-group LOCAL
 accounting-server-group RADIUS
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no strip-realm
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 authorization-dn-attributes CN OU
tunnel-group DefaultRAGroup webvpn-attributes
 hic-fail-group-policy DfltGrpPolicy
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 dns-group DefaultDNS
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 1500 retry 2
 no radius-sdi-xauth
 isakmp ikev1-user-authentication xauth
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
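Added example (not part of the Cisco guide): a Python check that parses tunnel-group configuration text in the format listed above and reports where a device departs from the documented DefaultRAGroup defaults. SAMPLE_RUNNING is constructed for illustration, the function names are this example's own, and tunnel-group names are assumed to contain no spaces.

```python
from collections import defaultdict

# Documented defaults copied from the listing above (ipsec and ppp sections only).
DOCUMENTED_DEFAULT = """\
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 isakmp keepalive threshold 1500 retry 2
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
"""
# Constructed sample standing in for a device's output; not from a real ASA.
SAMPLE_RUNNING = """\
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
 peer-id-validate nocheck
 isakmp keepalive threshold 1500 retry 2
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication chap
 no authentication ms-chap-v1
 no authentication ms-chap-v2
"""

def parse_tunnel_groups(text):
    """Map (group, section) -> set of attribute lines. Indentation is optional."""
    sections, current = defaultdict(set), None
    for words in (line.split() for line in text.splitlines()):
        if len(words) >= 3 and words[0] == "tunnel-group":
            current = (words[1], words[2])      # e.g. (DefaultRAGroup, ppp-attributes)
            if words[2] == "type":              # one-line form: record the type itself
                sections[current].add(" ".join(words[3:]))
        elif words and current and words[0] != "!":
            sections[current].add(" ".join(words))
    return sections

def drift(baseline, running):
    """List (group, section, expected, found) where running departs from baseline."""
    want, have, out = parse_tunnel_groups(baseline), parse_tunnel_groups(running), []
    for key in sorted(set(want) | set(have)):
        missing, extra = want[key] - have[key], have[key] - want[key]
        for exp in sorted(missing):
            # Pair a command with its negated form so a flipped setting is one finding.
            flip = exp[3:] if exp.startswith("no ") else "no " + exp
            hit = next((e for e in sorted(extra) if e == flip
                        or e.startswith(flip + " ") or flip.startswith(e + " ")), None)
            extra.discard(hit)
            out.append((*key, exp, hit))
        out.extend((*key, None, e) for e in sorted(extra))
    return out
```

A finding with no expected value is a line the baseline does not contain; a finding with no found value is a documented default that is absent from the device text.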
Configuring IPsec Tunnel-Group General Attributes
The general attributes are common across more than one tunnel-group type. IPsec remote access and
clientless SSL VPN tunnels share most of the same general attributes. IPsec LAN-to-LAN tunnels use a
subset. Refer to the Cisco ASA Series Command Reference for complete descriptions of all commands.
This section describes, in order, how to configure remote-access and LAN-to-LAN connection profiles.
Table 1-2 Maximum VPN Sessions and Connection Profiles Per ASA Platform

                             5505 Base/     5510/Base/
                             Security Plus  Security Plus  5520  5540  5550  5580-20  5580-40
Maximum VPN Sessions         10/25          250            750   5000  5000  10,000   10,000
Maximum Connection Profiles  15/30          255            755   5005  5005  10,005   10,005