30-31
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Group Policies
• Client firewall settings
• Tunneling protocols
• IPSec settings
• Hardware client settings
• Filters
• Client configuration settings
• WebVPN functions
• Connection settings
Default Group Policy
The security appliance supplies a default group policy. You can modify this default group policy, but you
cannot delete it. A default group policy, named DfltGrpPolicy, always exists on the security appliance,
but this default group policy does not take effect unless you configure the security appliance to use it.
When you configure other group policies, any attribute that you do not explicitly specify takes its value
from the default group policy. To view the default group policy, enter the following command:
hostname(config)# show running-config all group-policy DfltGrpPolicy
hostname(config)#
To configure the default group policy, enter the following command:
hostname(config)# group-policy DfltGrpPolicy internal
hostname(config)#
Note The default group policy is always internal. Despite the fact that the command syntax is
hostname(config)# group-policy DfltGrpPolicy {internal | external}, you cannot change the type
to external.
To change any of the attributes of the default group policy, use the group-policy attributes command
to enter attributes mode, then specify the commands to change whatever attributes that you want to
modify:
hostname(config)# group-policy DfltGrpPolicy attributes
Note The attributes mode applies only to internal group policies.
The default group policy, DfltGrpPolicy, that the security appliance provides is as follows:
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 2000
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
To Next Page
Loading...
Need help?
General