
Cisco ASA Series User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Profiles, Group Policies, and Users
Group Policies
Note   The ACE
access-list vpnfilt-ra permit 10.10.10.1 255.255.255.255 192.168.1.0 255.255.255.0 eq 23
allows the local network to initiate a connection to the Remote Access client on any TCP port if it uses a source port of 23. The ACE
access-list vpnfilt-ra permit 10.10.10.1 255.255.255.255 eq 23 192.168.1.0 255.255.255.0
allows the Remote Access client to initiate a connection to the local network on any TCP port if it uses a source port of 23.
In the next example, the vpn-filter is used with a LAN to LAN VPN connection. This example assumes
that the remote network is 10.0.0.0/24 and the local network is 192.168.1.0/24.
The following ACE will allow the remote network to telnet to the local network:
hostname(config-group-policy)# access-list vpnfilt-l2l permit 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 23
The following ACE will allow the local network to telnet to the remote network:
hostname(config-group-policy)# access-list vpnfilt-l2l permit 10.0.0.0 255.255.255.0 eq 23 192.168.1.0 255.255.255.0
Note   The ACE
access-list vpnfilt-l2l permit 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 23
allows the local network to initiate a connection to the remote network on any TCP port if it uses a source port of 23. The ACE
access-list vpnfilt-l2l permit 10.0.0.0 255.255.255.0 eq 23 192.168.1.0 255.255.255.0
allows the remote network to initiate a connection to the local network on any TCP port if it uses a source port of 23.
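The two notes above describe one rule: each vpn-filter ACE is matched in both directions, so a permit written for one side also admits a reverse flow that is constrained only by its source port. The following audit helper is an added example, not part of the Cisco guide; its function names are hypothetical, and it assumes the remote network is the first address pair in the ACE (as in the examples on this page) and accepts the ACE with or without a protocol keyword.

```python
import ipaddress
import re

# ACE form used on this page; the protocol keyword is optional (the page prints none).
ACE_RE = re.compile(
    r"access-list\s+\S+\s+(?:extended\s+)?permit\s+(?:(?:tcp|udp)\s+)?"
    r"(?P<rnet>\S+)\s+(?P<rmask>\S+)(?:\s+eq\s+(?P<rport>\d+))?\s+"
    r"(?P<lnet>\S+)\s+(?P<lmask>\S+)(?:\s+eq\s+(?P<lport>\d+))?\s*$")

# The two LAN-to-LAN ACEs from the text (remote 10.0.0.0/24, local 192.168.1.0/24).
PAGE_ACES = [
    "access-list vpnfilt-l2l permit 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 23",
    "access-list vpnfilt-l2l permit 10.0.0.0 255.255.255.0 eq 23 192.168.1.0 255.255.255.0",
]

def parse_ace(line):
    """Return (remote_net, remote_port, local_net, local_port); a port of None means any.
    Only network/mask pairs with an optional 'eq <port>' are supported."""
    m = ACE_RE.search(" ".join(line.split()))  # also rejoins a wrapped command line
    if not m:
        raise ValueError(f"unsupported ACE: {line!r}")
    rnet = ipaddress.ip_network(f"{m['rnet']}/{m['rmask']}")
    lnet = ipaddress.ip_network(f"{m['lnet']}/{m['lmask']}")
    rport = int(m["rport"]) if m["rport"] else None
    lport = int(m["lport"]) if m["lport"] else None
    return rnet, rport, lnet, lport

def permitted_flows(line):
    """Expand one ACE into 'src_net:src_port -> dst_net:dst_port' for each initiator."""
    rnet, rport, lnet, lport = parse_ace(line)
    r, l = rport or "any", lport or "any"
    return {
        "remote_initiated": f"{rnet}:{r} -> {lnet}:{l}",  # the ACE read as written
        "local_initiated": f"{lnet}:{l} -> {rnet}:{r}",   # same ACE, ends swapped
    }

def source_port_side_effect(line):
    """List initiators that may reach ANY destination port by fixing their source port."""
    _, rport, _, lport = parse_ace(line)
    hits = []
    if lport is not None and rport is None:
        hits.append("local_initiated")
    if rport is not None and lport is None:
        hits.append("remote_initiated")
    return hits

if __name__ == "__main__":
    for ace in PAGE_ACES:
        print(ace, permitted_flows(ace), source_port_side_effect(ace), sep="\n  ")
```

An ACE that names a port on both ends yields no side effect, because neither direction is left with an unrestricted destination port.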
Specifying a NAC Policy for a Group Policy
This command selects the name of a Network Admission Control policy to apply to this group policy.
You can assign an optional NAC policy to each group policy. The default value is --None--.
Prerequisite
Create a NAC policy. See Configuring Network Admission Control, page 73-1.
Detailed Steps

Step 1
Command: group-policy value attributes
Purpose: Enter group policy configuration mode.
Example:
hostname> en
hostname# config t
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)#

Step 2
Command: nac-settings value nac-policy-name
Purpose: Assigns the NAC policy named nac-policy-1 to the FirstGroup group policy.
Example:
hostname(config-group-policy)# nac-settings value nac-policy-1
hostname(config-group-policy)#
