30-6
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Configuring Tunnel Groups
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
Configuring IPSec Tunnel-Group General Attributes
The general attributes are common across more than one tunnel-group type. IPSec remote access and
WebVPN tunnels share most of the same general attributes. IPSec LAN-to-LAN tunnels use a subset.
Refer to the Cisco Security Appliance Command Reference for complete descriptions of all commands.
The following sections describe, in order, how to configure IPSec remote-access tunnel groups, IPSec
LAN-to-LAN tunnel groups, and WebVPN tunnel groups.
Configuring IPSec Remote-Access Tunnel Groups
Use an IPSec remote-access tunnel group when setting up a connection between a remote client and a
central-site security appliance, using a hardware or software client.To configure an IPSec remote-access
tunnel group, first configure the tunnel-group general attributes, then the IPSec remote-access attributes.
An IPSec Remote Access VPN tunnel group applies only to remote-access IPSec client connections. To
configure an IPSec remote-access tunnel group, see the following sections:
• Specifying a Name and Type for the IPSec Remote Access Tunnel Group, page 30-6.
• Configuring IPSec Remote-Access Tunnel Group General Attributes, page 30-6.
• Configuring IPSec Remote-Access Tunnel Group IPSec Attributes, page 30-10.
Specifying a Name and Type for the IPSec Remote Access Tunnel Group
Create the tunnel group, specifying its name and type, by entering the tunnel-group command. For an
IPSec remote-access tunnel, the type is ipsec-ra
hostname(config)# tunnel-group tunnel_group_name type ipsec-ra
hostname(config)#
For example, to create an IPSec remote-access tunnel-group named TunnelGroup1, enter the following
command:
hostname(config)# tunnel-group TunnelGroup1 type ipsec-ra
hostname(config)#
Configuring IPSec Remote-Access Tunnel Group General Attributes
To configure or change the tunnel group general attributes, specify the parameters in the following steps.
Step 1 To configure the general attributes, enter tunnel-group general-attributes command, which enters
tunnel-group general-attributes configuration mode. The prompt changes to indicate the change in mode.
hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#
To Next Page
Loading...
Need help?
General