30-20
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Configuring Tunnel Groups
Note Allowing override account-disabled is a potential security risk.
Configuring WebVPN Tunnel-Group WebVPN Attributes
To configure the parameters specific to a WebVPN tunnel group, follow the steps in this section.
Step 1 To specify the attributes of a WebVPN tunnel-group, enter tunnel-group webvpn-attributes mode by
entering the following command. The prompt changes to indicate the mode change:
hostname(config)# tunnel-group tunnel-group-name webvpn-attributes
hostname(config-tunnel-ipsec)#
For example, to specify the webvpn-attributes for the WebVPN tunnel-group named sales, enter the
following command:
hostname(config)# tunnel-group sales webvpn-attributes
hostname(config-tunnel-webvpn)#
Step 2 To specify the authentication method to use: AAA, digital certificates, or both, enter the authentication
command. You can specify either aaa or certificate or both, in any order.
hostname(config-tunnel-webvpn)# authentication authentication_method
hostname(config-tunnel-webvpn)#
For example, The following command allows both AAA and certificate authentication:
hostname(config-tunnel-webvpn)# authentication aaa certificate
hostname(config-tunnel-webvpn)#
Applying Customization
Customizations determine the appearance of the windows that the user sees upon login. You configure
the customization parameters as part of configuring WebVPN.
To apply a previously defined web-page customization to change the look-and-feel of the web page that
the user sees at login, enter the customization command in username webvpn configuration mode:
hostname(config-username-webvpn)# customization {none | value customization_name}
hostname(config-username-webvpn)#
For example, to use the customization named blueborder, enter the following command:
hostname(config-username-webvpn)# customization value blueborder
hostname(config-username-webvpn)#
You configure the customization itself by entering the customization command in WebVPN mode.
The following example shows a command sequence that first establishes a WebVPN customization
named “123” that defines a password prompt. The example then defines a WebVPN tunnel-group named
“test” and uses the customization command to specifies the use of the WebVPN customization named
“123”:
hostname(config)# webvpn
hostname(config-webvpn)# customization 123
hostname(config-webvpn-custom)# password-prompt Enter password
hostname(config-webvpn)# exit
To Next Page
Loading...
Need help?
General