
Cisco FirePOWER ASA 5500 series User Manual

34-10
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 34 Configuring Easy VPN Services on the ASA 5505
Guidelines for Configuring the Easy VPN Server
Group Policy and User Attributes Pushed to the Client
Upon tunnel establishment, the Easy VPN server pushes the values of the group policy or user attributes
stored in its configuration to the Easy VPN hardware client. Therefore, to change certain attributes
pushed to the Easy VPN hardware client, you must modify them on the security appliances configured
as the primary and secondary Easy VPN servers. This section identifies the group policy and user
attributes pushed to the Easy VPN hardware client.
Note: This section serves only as a reference. For complete instructions on configuring group policies and
users, see Configuring Tunnel Groups, Group Policies, and Users, page 30-1.
Use Table 34-2 as a guide for determining which commands to enter to modify the group policy or user
attributes.
Table 34-2 Group Policy and User Attributes Pushed to the Cisco ASA 5505 Configured as an EasyVPN Hardware Client

Command                      Description
---------------------------  ------------------------------------------------------------
backup-servers               Sets up backup servers on the client in case the primary server fails to respond.
banner                       Sends a banner to the client after establishing a tunnel.
client-access-rule           Applies access rules.
client-firewall              Sets up the firewall parameters on the VPN client.
default-domain               Sends a domain name to the client.
dns-server                   Specifies the IP address of the primary and secondary DNS servers, or prohibits the use of DNS servers.
dhcp-network-scope           Specifies the IP subnetwork to which the DHCP server assigns addresses to users within this group.
group-lock                   Specifies a tunnel group to ensure that users connect to that group.
ipsec-udp                    Uses UDP encapsulation for the IPSec tunnels.
ipsec-udp-port               Specifies the port number for IPSec over UDP.
nem                          Enables or disables network extension mode.
password-storage             Lets the VPN user save a password in the user profile.
pfs                          Commands the VPN client to use perfect forward secrecy.
re-xauth                     Requires XAUTH authentication when IKE rekeys.
                             Note: Disable re-xauth if secure unit authentication is enabled.
secure-unit-authentication   Enables interactive authentication for VPN hardware clients.
split-dns                    Pushes a list of domains for name resolution.
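
The following is an added example, not part of the Cisco guide: because pushed attributes must be changed on both the primary and secondary Easy VPN servers, this Python audit compares the Table 34-2 commands in two saved configurations and flags the re-xauth and secure unit authentication combination the table warns about. The policy name EZVPN-HW, the addresses and the function names are constructed for illustration, and the parser assumes a configuration layout of `group-policy NAME attributes` followed by indented commands.

```python
# Added example: audit Easy VPN attributes pushed by primary vs. secondary server.
# Commands taken from Table 34-2.
PUSHED = {"backup-servers", "banner", "client-access-rule", "client-firewall",
          "default-domain", "dns-server", "dhcp-network-scope", "group-lock",
          "ipsec-udp", "ipsec-udp-port", "nem", "password-storage", "pfs",
          "re-xauth", "secure-unit-authentication", "split-dns"}

def parse_group_policies(config):
    """Return {policy: {command: [argument strings]}} for Table 34-2 commands."""
    policies, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and comment separators
        words = line.split()
        if not line[0].isspace():
            # Top-level line: only "group-policy NAME attributes" opens a block.
            if len(words) == 3 and words[0] == "group-policy" and words[2] == "attributes":
                current = policies.setdefault(words[1], {})
            else:
                current = None
        elif current is not None and words[0] in PUSHED:
            current.setdefault(words[0], []).append(" ".join(words[1:]))
    return policies

def audit(primary_cfg, secondary_cfg):
    findings = []
    pri, sec = parse_group_policies(primary_cfg), parse_group_policies(secondary_cfg)
    for name in sorted(set(pri) | set(sec)):
        a, b = pri.get(name, {}), sec.get(name, {})
        for cmd in sorted(set(a) | set(b)):
            if a.get(cmd) != b.get(cmd):  # drift: client gets different values on failover
                findings.append(f"{name}: {cmd} differs (primary={a.get(cmd)}, secondary={b.get(cmd)})")
        for role, attrs in (("primary", a), ("secondary", b)):
            if attrs.get("re-xauth") == ["enable"] and attrs.get("secure-unit-authentication") == ["enable"]:
                findings.append(f"{name}: re-xauth enabled with secure-unit-authentication on {role}")
    return findings

# Constructed sample configurations (not taken from a real device).
PRIMARY = """\
group-policy EZVPN-HW internal
group-policy EZVPN-HW attributes
 dns-server value 192.0.2.10 192.0.2.11
 re-xauth enable
 secure-unit-authentication enable
 nem enable
"""
SECONDARY = PRIMARY.replace(" 192.0.2.11", "").replace("re-xauth enable", "re-xauth disable")

if __name__ == "__main__":
    print("\n".join(audit(PRIMARY, SECONDARY)))
```

Commands entered in their `no` form are ignored by this parser, so an attribute removed on one server shows up as a difference rather than as an explicit value.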
