Configuring Connection Profiles for Clientless SSL VPN Sessions; Specifying a Connection Profile Name and Type for Clientless SSL VPN Sessions; Configuring General Tunnel-Group Attributes for Clientless SSL VPN Sessions - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 30
Configuring Connection Profiles, Group Policies, and Users
hostname(config-tunnel-ipsec)# isakmp ikev1-user-authentication (inside) hybrid
hostname(config-tunnel-ipsec)#

Configuring Connection Profiles for Clientless SSL VPN Sessions

The tunnel-group general attributes for clientless SSL VPN connection profiles are the same as those for
IPSec remote-access connection profiles, except that the tunnel-group type is webvpn and the
strip-group and strip-realm commands do not apply. You define the attributes specific to clientless SSL
VPN separately. The following sections describe how to configure clientless SSL VPN connection
profiles.

Specifying a Connection Profile Name and Type for Clientless SSL VPN Sessions

Create the connection profile, specifying its name and type, by entering the tunnel-group command in
global configuration mode. For a clientless SSL VPN connection profile, the type is webvpn:
hostname(config)# tunnel-group tunnel_group_name type webvpn
hostname(config)#
For example, to create a clientless SSL VPN tunnel-group named TunnelGroup3, enter the following
command:
hostname(config)# tunnel-group TunnelGroup3 type webvpn
hostname(config)#

Configuring General Tunnel-Group Attributes for Clientless SSL VPN Sessions

To configure or change the connection profile general attributes, specify the parameters in the following
steps.
Step 1   To configure the general attributes, enter the tunnel-group general-attributes command, which enters
tunnel-group general-attributes configuration mode. Note that the prompt changes:
hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#
To configure the general attributes for TunnelGroup3, created in the previous section, enter the following
command:
hostname(config)# tunnel-group TunnelGroup3 general-attributes
hostname(config-tunnel-general)#
Step 2   Specify the name of the authentication-server group, if any, to use. If you want to use the LOCAL
database for authentication if the specified server group fails, append the keyword LOCAL:
hostname(config-tunnel-general)# authentication-server-group groupname [LOCAL]
hostname(config-tunnel-general)#
For example, to configure the authentication server group named test, and to provide fallback to the
LOCAL server if the authentication server group fails, enter the following command:
hostname(config-tunnel-general)# authentication-server-group test LOCAL
hostname(config-tunnel-general)#
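
Steps 1 and 2 decide, for each connection profile, which server group authenticates users and whether the LOCAL database is accepted when that group fails. The following Python example is added here and is not part of the Cisco guide: it audits a saved configuration and reports, for every webvpn connection profile, the server group and the LOCAL fallback setting. The sample configuration is constructed and assumes the saved file uses the command forms shown on this page, with sub-mode commands indented by a space; the function and variable names are hypothetical.

```python
import re

# Constructed sample, built from the command forms shown on this page.
SAMPLE_CONFIG = """\
tunnel-group TunnelGroup3 type webvpn
tunnel-group TunnelGroup3 general-attributes
 authentication-server-group test LOCAL
tunnel-group TunnelGroup4 type webvpn
tunnel-group TunnelGroup4 general-attributes
 authentication-server-group test
tunnel-group TunnelGroup5 type webvpn
"""

TYPE_RE = re.compile(r"^tunnel-group (\S+) type (\S+)$")
GENERAL_RE = re.compile(r"^tunnel-group (\S+) general-attributes$")
AUTH_RE = re.compile(r"^authentication-server-group (\S+)(?: (LOCAL))?$")


def audit_webvpn_profiles(config_text):
    """Return {profile: {"server_group": str|None, "local_fallback": bool}}
    for every connection profile whose type is webvpn."""
    types = {}      # profile name -> tunnel-group type
    auth = {}       # profile name -> (server group, fallback flag)
    current = None  # profile whose general-attributes block we are inside
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if not line.startswith(" "):
            # A top-level command ends any sub-mode block.
            current = None
            m = TYPE_RE.match(line)
            if m:
                types[m.group(1)] = m.group(2)
                continue
            m = GENERAL_RE.match(line)
            if m:
                current = m.group(1)
            continue
        m = AUTH_RE.match(line.strip())
        if current and m:
            auth[current] = (m.group(1), m.group(2) == "LOCAL")
    report = {}
    for name, kind in types.items():
        if kind != "webvpn":
            continue
        group, fallback = auth.get(name, (None, False))
        report[name] = {"server_group": group, "local_fallback": fallback}
    return report
```

Calling audit_webvpn_profiles(SAMPLE_CONFIG) returns one entry per webvpn profile; a server_group of None means the excerpt contains no authentication-server-group line for that profile.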
OL-12172-03
Cisco Security Appliance Command Line Configuration Guide


This manual is also suitable for:

Asa 5500 series
