Configuring Connection Profiles; Default Ipsec Remote Access Connection Profile Configuration - Cisco PIX 500 Series Configuration Manual

Configuring Connection Profiles

Table 30-1
Command
hic-fail-group-policy
override-svc-download
radius-reject-message
Configuring Connection Profiles
The following sections describe the contents and configuration of connection profiles:
•
•
•
•
•
•
You can modify the default connection profiles, and you can configure a new connection profile as any
of the three tunnel-group types. If you don't explicitly configure an attribute in a connection profile, that
attribute gets its value from the default connection profile. The default connection-profile type is remote
access. The subsequent parameters depend upon your choice of tunnel type. To see the current
configured and default configuration of all your connection profiles, including the default connection
profile, enter the show running-config all tunnel-group command.

Default IPSec Remote Access Connection Profile Configuration

The contents of the default remote-access connection profile are as follows:
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
accounting-server-group RADIUS
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no password-management
no override-account-disable
no strip-group
no authorization-required
authorization-dn-attributes CN OU
tunnel-group DefaultRAGroup webvpn-attributes
hic-fail-group-policy DfltGrpPolicy
customization DfltCustomization
authentication aaa
Cisco Security Appliance Command Line Configuration Guide
30-6
Connection Profile Attributes for Clientless SSL VPN
Function
Specifies a VPN feature policy if you use the Cisco Secure Desktop
Manager to set the Group-Based Policy attribute to "Use Failure
Group-Policy" or "Use Success Group-Policy, if criteria match."
Overrides downloading the group-policy or username attributes
configured for downloading the AnyConnect VPN client to the remote
user.
Enables the display of the RADIUS reject message on the login screen
when authentication is rejected.
Default IPSec Remote Access Connection Profile Configuration, page 30-6
Specifying a Name and Type for the IPSec Remote Access Connection Profile, page 30-7
Configuring IPSec Remote-Access Connection Profiles, page 30-7
Configuring LAN-to-LAN Connection Profiles, page 30-15
Configuring Connection Profiles for Clientless SSL VPN Sessions, page 30-19
Customizing Login Windows for Users of Clientless SSL VPN sessions, page 30-26
Chapter 30 Configuring Connection Profiles, Group Policies, and Users
OL-12172-03