64-7
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Group Policies
• Accounting Mode—Indicates whether to use simultaneous or single accounting mode. In single
mode, the adaptive security appliance sends accounting data to only one server. In simultaneous
mode, the adaptive security appliance sends accounting data to all servers in the group. The
Accounting Mode attribute applies only to RADIUS and TACACS+ protocols.
• Reactivation Mode—Specifies the method by which failed servers are reactivated: Depletion or
Timed reactivation mode. In Depletion mode, failed servers are reactivated only after all of the
servers in the group become inactive. In Timed mode, failed servers are reactivated after 30 seconds
of down time.
• Dead Time—Specifies, for depletion mode, the number of minutes (0 through 1440) that must elapse
between the disabling of the last server in the group and the subsequent re-enabling of all servers.
The default value is 10 minutes. This field is not available for timed mode.
• Max Failed Attempts— Specifies the number (an integer in the range 1 through 5) of failed
connection attempts allowed before declaring a nonresponsive server inactive. The default value is
3 attempts.
Adding or Editing a Remote Access Internal Group Policy, General Attributes
The Add or Edit Group Policy dialog box lets you specify tunneling protocols, filters, connection
settings, and servers for the group policy being added or modified. For each of the fields on this dialog
box, checking the Inherit check box lets the corresponding setting take its value from the default group
policy. Inherit is the default value for all of the attributes in this dialog box.
Fields
The following attributes appear in the Add Internal Group Policy > General dialog box. They apply to
SSL VPN and IPsec sessions, or clientless SSL VPN sessions. Thus, several are present for one type of
session, but not the other.
• Name—Specifies the name of this group policy up to 64 characters; spaces are allowed. For the Edit
function, this field is read-only.
• Banner—Specifies the banner text to present to users at login. The length can be up to 491
characters. There is no default value.
The IPsec VPN client supports full HTML for the banner. However, the clientless portal and the
AnyConnect client support partial HTML. To ensure the banner displays properly to remote users,
follow these guidelines:
–
For IPsec client users, use the /n tag.
–
For AnyConnect client users, use the <BR> tag.
–
For clientless users, use the <BR> tag.
• Address Pools—(Network (Client) Access only) Specifies the name of one or more address pools to
use for this group policy.
• Select—(Network (Client) Access only) Opens the Select Address Pools dialog box, which shows
the pool name, starting and ending addresses, and subnet mask of address pools available for client
address assignment and lets you select, add, edit, delete, and assign entries from that list.
• IPv6 Address Pools—Specifies the name of one or more IPv6 address pools to use for this group
policy. The Select button following this field opens the Select Address Pools dialog box, as
previously described.
• More Options—Displays additional configurable options for this group policy.
To Next Page
Loading...
Need help?
General
