Configuring Ipsec Tunnel-Group General Attributes; Configuring Ipsec Remote-Access Connection Profiles; Specifying A Name And Type For The Ipsec Remote Access Connection Profile - Cisco PIX 500 Series Configuration Manual

Chapter 30 Configuring Connection Profiles, Group Policies, and Users
no override-svc-download
no radius-reject-message
dns-group DefaultDNS
tunnel-group DefaultRAGroup ipsec-attributes
no pre-shared-key
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 1500 retry 2
no radius-sdi-xauth
isakmp ikev1-user-authentication xauth
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy

Configuring IPSec Tunnel-Group General Attributes

The general attributes are common across more than one tunnel-group type. IPSec remote access and
clientless SSL VPN tunnels share most of the same general attributes. IPSec LAN-to-LAN tunnels use
a subset. Refer to the Cisco Security Appliance Command Reference for complete descriptions of all
commands. The following sections describe, in order, how to configure IPSec remote-access connection
profiles, IPSec LAN-to-LAN connection profiles, and clientless SSL VPN connection profiles.

Configuring IPSec Remote-Access Connection Profiles

Use an IPSec remote-access connection profile when setting up a connection between a remote client
and a central-site security appliance, using a hardware or software client.To configure an IPSec
remote-access connection profile, first configure the tunnel-group general attributes, then the IPSec
remote-access attributes. An IPSec Remote Access VPN connection profile applies only to
remote-access IPSec client connections. To configure an IPSec remote-access connection profile, see the
following sections:
•
•
•

Specifying a Name and Type for the IPSec Remote Access Connection Profile

Create the connection profile, specifying its name and type, by entering the tunnel-group command. For
an IPSec remote-access tunnel, the type is remote-access
hostname(config)# tunnel-group tunnel_group_name type remote-access
hostname(config)#
For example, to create an IPSec remote-access connection profile named TunnelGroup1, enter the
following command:
hostname(config)# tunnel-group TunnelGroup1 type remote-access
hostname(config)#
OL-12172-03
Specifying a Name and Type for the IPSec Remote Access Connection Profile, page
Configuring IPSec Remote-Access Connection Profile General Attributes, page
Configuring IPSec Remote-Access Connection Profile IPSec Attributes, page
Cisco Security Appliance Command Line Configuration Guide
Configuring Connection Profiles
30-7.
30-8.
30-12.
30-7