
Cisco FirePOWER ASA 5500 series User Manual

989 pages
30-5
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Configuring Tunnel Groups
• One or more group aliases; these are alternate names by which the server can refer to a tunnel group. At login, the user selects the group name from a dropdown menu.
• One or more group URLs. If you configure this parameter, users coming in on a specified URL need not select a group at login.
• A group policy that grants a WebVPN user access rights that are different from the default group policy.
• The name of the NetBIOS Name Service server (nbns-server) to use for CIFS name resolution.
Configuring Tunnel Groups
The following sections describe the contents and configuration of tunnel groups:
• Default IPSec Remote Access Tunnel Group Configuration, page 30-5
• Specifying a Name and Type for the IPSec Remote Access Tunnel Group, page 30-6
• Configuring IPSec Remote-Access Tunnel Groups, page 30-6
• Configuring LAN-to-LAN Tunnel Groups, page 30-13
• Configuring WebVPN Tunnel Groups, page 30-16
• Customizing Login Windows for WebVPN Users, page 30-23
You can modify the default tunnel groups, and you can configure a new tunnel group as any of the three tunnel-group types. If you don’t explicitly configure an attribute in a tunnel group, that attribute gets its value from the default tunnel group. The default tunnel-group type is ipsec-ra. The subsequent parameters depend upon your choice of tunnel type. To see the current configured and default configuration of all your tunnel groups, including the default tunnel group, enter the show running-config all tunnel-group command.
Default IPSec Remote Access Tunnel Group Configuration
The contents of the default remote-access tunnel group are as follows:
tunnel-group DefaultRAGroup type ipsec-ra
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 authentication-server-group LOCAL
 no authorization-server-group
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no nac-authentication-server-group
 no strip-realm
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 authorization-dn-attributes CN OU
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 100 retry 2
 isakmp ikev1-user-authentication xauth
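
The inheritance rule described above (an attribute not explicitly configured in a tunnel group takes its value from the default tunnel group) can be applied offline when reviewing a saved configuration; the following Python code is an added example, not part of the Cisco guide. It assumes remote-access groups that inherit from DefaultRAGroup, a hypothetical group named ExampleRA with constructed values, and a simplified keying rule (the first word of each attribute line, or the first two words for isakmp lines).

```python
# Constructed sample: a subset of the DefaultRAGroup lines from this page,
# plus a hypothetical group "ExampleRA" with only explicitly set attributes.
CONFIG = """\
tunnel-group DefaultRAGroup type ipsec-ra
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 authentication-server-group LOCAL
 default-group-policy DfltGrpPolicy
 no password-management
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 isakmp keepalive threshold 100 retry 2
 isakmp ikev1-user-authentication xauth
tunnel-group ExampleRA type ipsec-ra
tunnel-group ExampleRA general-attributes
 address-pool examplepool
 authentication-server-group EXAMPLE_RADIUS
tunnel-group ExampleRA ipsec-attributes
 pre-shared-key EXAMPLE-PLACEHOLDER
"""

def parse(text):
    """Return {group: {"type": str, section: {attribute: value or None}}}."""
    groups, current = {}, None
    for raw in filter(str.strip, text.splitlines()):
        words = raw.split()
        if not raw[0].isspace():               # top-level line ends any open section
            current = None
            if words[0] == "tunnel-group" and len(words) >= 3:
                group = groups.setdefault(words[1], {})
                if words[2] == "type":
                    group["type"] = words[-1]
                else:                          # general-attributes, ipsec-attributes, ...
                    current = group.setdefault(words[2], {})
        elif current is not None:
            negated = words[0] == "no"         # "no x" is stored as x -> None
            words = words[1:] if negated else words
            n = 2 if words[0] == "isakmp" else 1   # assumed keying rule, see lead-in
            current[" ".join(words[:n])] = None if negated else " ".join(words[n:])
    return groups

def effective(groups, name, default="DefaultRAGroup"):
    """Overlay a group's explicit attributes on the default group's values."""
    result = {}
    for section in (set(groups[default]) | set(groups[name])) - {"type"}:
        merged = {k: (v, "default") for k, v in groups[default].get(section, {}).items()}
        merged.update({k: (v, "explicit") for k, v in groups[name].get(section, {}).items()})
        result[section] = merged
    return result
```

Each effective attribute is returned with its origin, so a reviewer can see which settings of a group are inherited from the default tunnel group and would change if the default were modified.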
