Cisco FirePOWER ASA 5500 series User Manual

989 pages
30-12
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Configuring Tunnel Groups
For example, the following commands enable hybrid XAUTH on the inside interface for a tunnel group
called example-group:
hostname(config)# tunnel-group example-group type ipsec-ra
hostname(config)# tunnel-group example-group ipsec-attributes
hostname(config-tunnel-ipsec)# isakmp ikev1-user-authentication (inside) hybrid
hostname(config-tunnel-ipsec)#
Configuring IPSec Remote-Access Tunnel Group PPP Attributes
To configure the Point-to-Point Protocol (PPP) attributes for a remote-access tunnel group, perform the
following steps. PPP attributes apply only to IPSec remote-access tunnel groups. The following description
assumes that you have already created the IPSec remote-access tunnel group.
Step 1 Enter tunnel-group ppp-attributes configuration mode, in which you configure the remote-access
tunnel-group PPP attributes, by entering the following command. The prompt changes to indicate the
mode change:
hostname(config)# tunnel-group tunnel-group-name type ipsec-ra
hostname(config)# tunnel-group tunnel-group-name ppp-attributes
hostname(config-tunnel-ppp)#
For example, the following command designates that the tunnel-group ppp-attributes mode commands
that follow pertain to the tunnel group named TG1. Notice that the prompt changes to indicate that you
are now in tunnel-group ppp-attributes mode:
hostname(config)# tunnel-group TG1 type ipsec-ra
hostname(config)# tunnel-group TG1 ppp-attributes
hostname(config-tunnel-ppp)#
Step 2 Specify whether to enable authentication using specific protocols for the PPP connection. The protocol
value can be:
• pap—Enables the use of Password Authentication Protocol for the PPP connection.
• chap—Enables the use of Challenge Handshake Authentication Protocol for the PPP connection.
• ms-chap-v1 or ms-chap-v2—Enables the use of Microsoft Challenge Handshake Authentication
Protocol, version 1 or version 2 for the PPP connection.
• eap—Enables the use of Extensible Authentication Protocol for the PPP connection.
CHAP and MSCHAPv1 are enabled by default.
The syntax of this command is:
hostname(config-tunnel-ppp)# authentication protocol
hostname(config-tunnel-ppp)#
To disable authentication for a specific protocol, use the no form of the command:
hostname(config-tunnel-ppp)# no authentication protocol
hostname(config-tunnel-ppp)#
For example, the following command enables the use of the PAP protocol for a PPP connection:
hostname(config-tunnel-ppp)# authentication pap
hostname(config-tunnel-ppp)#
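An added example (not from the Cisco manual): a Python audit that replays the authentication and no authentication commands from Step 2 on top of the stated defaults and reports which tunnel groups still allow weak PPP authentication. Assumptions: the input uses the command forms shown on this page, the sample session and the group name TG2 are constructed, and treating PAP and MS-CHAPv1 as weak is this example's policy, not the manual's.

```python
import re

# Stated on this page: CHAP and MSCHAPv1 are enabled by default.
DEFAULT_ENABLED = {"chap", "ms-chap-v1"}
# Assumed audit policy (not from the manual): PAP sends the password in
# cleartext and MS-CHAPv1 is an obsolete, weak handshake.
WEAK = {"pap", "ms-chap-v1"}
PPP_MODE = re.compile(r"^tunnel-group\s+(\S+)\s+ppp-attributes$")
AUTH = re.compile(r"^(no\s+)?authentication\s+(\S+)$")
# Constructed sample session; TG2 is a hypothetical group name.
SAMPLE = """\
hostname(config)# tunnel-group TG1 type ipsec-ra
hostname(config)# tunnel-group TG1 ppp-attributes
hostname(config-tunnel-ppp)# authentication pap
hostname(config-tunnel-ppp)#
hostname(config)# tunnel-group TG2 type ipsec-ra
hostname(config)# tunnel-group TG2 ppp-attributes
hostname(config-tunnel-ppp)# no authentication ms-chap-v1
hostname(config-tunnel-ppp)# authentication ms-chap-v2
"""


def effective_ppp_auth(config_text):
    """Return {tunnel_group: set of enabled PPP authentication protocols}."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        # Drop an optional "hostname(config...)# " prompt.
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())
        if not line:
            continue
        mode, auth = PPP_MODE.match(line), AUTH.match(line)
        if mode:
            current = mode.group(1)
            groups.setdefault(current, set(DEFAULT_ENABLED))
        elif auth and current is not None:
            proto = auth.group(2).lower()
            if auth.group(1):  # "no authentication <protocol>"
                groups[current].discard(proto)
            else:
                groups[current].add(proto)
        elif not auth:
            current = None  # any other command leaves ppp-attributes mode
    return groups


def weak_ppp_auth(config_text):
    """Return {tunnel_group: sorted weak protocols that remain enabled}."""
    audit = effective_ppp_auth(config_text)
    return {g: sorted(p & WEAK) for g, p in audit.items() if p & WEAK}
```

On the sample, TG1 is reported because enabling PAP does not remove the default MS-CHAPv1, while TG2 passes because the default was explicitly disabled with the no form.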
The following command enables the use of the MS-CHAP, version 2 protocol for a PPP connection:
