30-30
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Group Policies
Figure 30-6 Active Directory—Enforce Password Complexity
Enforcing password complexity takes effect only when the user changes passwords; for example, when
you have configured Enforce password change at next login or Password expires in n days. At login, the
user receives a prompt to enter a new password, and the system will accept only a complex password.
Group Policies
This section describes group policies and how to configure them. It includes the following sections:
• Default Group Policy, page 30-31
• Configuring Group Policies, page 30-33
A group policy is a set of user-oriented attribute/value pairs for IPSec connections that are stored either
internally (locally) on the device or externally on a RADIUS server. The tunnel group uses a group policy
that sets terms for user connections after the tunnel is established. Group policies let you apply whole
sets of attributes to a user or a group of users, rather than having to specify each attribute individually
for each user.
Enter the group-policy commands in global configuration mode to assign a group policy to users or to
modify a group policy for specific users.
The security appliance includes a default group policy. In addition to the default group policy, which you
can modify but not delete, you can create one or more group policies specific to your environment.
You can configure internal and external group policies. Internal groups are configured on the security
appliance’s internal database. External groups are configured on an external authentication server, such
as RADIUS. Group policies include the following attributes:
• Identity
• Server definitions
To Next Page
Loading...
Need help?
General