1-8
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
Configuring Remote-Access Connection Profiles
Use a remote-access connection profile when setting up a connection between the following remote
clients and a central-site ASA:
–
Legacy Cisco VPN Client (connecting with IPsec/IKEv1)
–
AnyConnect Secure Mobility Client (connecting with SSL or IPsec/IKEv2)
–
Clientless SSL VPN (browser-based connecting with SSL)
–
Cisco ASA 5500 Easy VPN hardware client (connecting with IPsec/IKEv1)
–
Cisco VPM 3002 hardware client (connecting with IPsec/IKEv1)
We also provide a default group policy named DfltGrpPolicy.
To configure an remote-access connection profile, first configure the tunnel-group general attributes,
then the remote-access attributes. See the following sections:
• Specifying a Name and Type for the Remote Access Connection Profile, page 70-8.
• Configuring Remote-Access Connection Profile General Attributes, page 70-8.
• Configuring Double Authentication, page 70-12
• Configuring Remote-Access Connection Profile IPsec IKEv1 Attributes, page 70-14.
• Configuring IPsec Remote-Access Connection Profile PPP Attributes, page 70-16
Specifying a Name and Type for the Remote Access Connection Profile
Create the connection profile, specifying its name and type, by entering the tunnel-group command. For
an remote-access tunnel, the type is remote-access:
hostname(config)# tunnel-group tunnel_group_name type remote-access
hostname(config)#
For example, to create an remote-access connection profile named TunnelGroup1, enter the following
command:
hostname(config)# tunnel-group TunnelGroup1 type remote-access
hostname(config)#
Configuring Remote-Access Connection Profile General Attributes
To configure or change the connection profile general attributes, specify the parameters in the following
steps:
Step 1 To configure the general attributes, enter the tunnel-group general-attributes task in either single or
multiple context mode, which enters tunnel-group general-attributes configuration mode. The prompt
changes to indicate the change in mode.
hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#
Step 2 Specify the name of the authentication-server group, if any, to use. If you want to use the LOCAL
database for authentication if the specified server group fails, append the keyword LOCAL:
hostname(config-tunnel-general)# authentication-server-group [(interface_name)] groupname
[LOCAL]
hostname(config-tunnel-general)#
To Next Page
Loading...
Need help?
General
