Configuring Security Attributes - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 30
Configuring Connection Profiles, Group Policies, and Users
Group Policies

A group policy can inherit this value from another group policy. To prevent inheriting a value, enter the none keyword instead of specifying an ACL name. The none keyword indicates that there is no access list and sets a null value, thereby disallowing an access list.
The following example shows how to set a filter that invokes an access list named acl_vpn for the group policy named FirstGroup:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# vpn-filter acl_vpn
hostname(config-group-policy)#

Step 6
Specify the VPN tunnel type for this group policy.
hostname(config-group-policy)# vpn-tunnel-protocol {webvpn | IPSec | l2tp-ipsec}
hostname(config-group-policy)#
The default is IPSec. To remove the attribute from the running configuration, enter the no form of this command.
hostname(config-group-policy)# no vpn-tunnel-protocol [webvpn | IPSec | l2tp-ipsec]
hostname(config-group-policy)#
The parameter values for this command follow:
- IPSec—Negotiates an IPSec tunnel between two peers (a remote access client or another secure gateway). Creates security associations that govern authentication, encryption, encapsulation, and key management.
- webvpn—Provides VPN services to remote users via an HTTPS-enabled web browser, and does not require a client.
- l2tp-ipsec—Negotiates an IPSec tunnel for an L2TP connection.
Enter this command to configure one or more tunneling modes. You must configure at least one tunneling mode for users to connect over a VPN tunnel.
The following example shows how to configure the IPSec tunneling mode for the group policy named FirstGroup:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# vpn-tunnel-protocol IPSec
hostname(config-group-policy)#

Configuring Security Attributes

The attributes in this section specify certain security settings for the group:
Step 1
Specify whether to let users store their login passwords on the client system, using the password-storage command with the enable keyword in group-policy configuration mode. To disable password storage, use the password-storage command with the disable keyword.
hostname(config-group-policy)# password-storage {enable | disable}
hostname(config-group-policy)#
For security reasons, password storage is disabled by default. Enable password storage only on systems that you know to be in secure sites.
To remove the password-storage attribute from the running configuration, enter the no form of this command:

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
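
Added example, not part of the Cisco guide: a short Python audit that reads group-policy attribute blocks and flags the settings this page calls out (password-storage enabled, vpn-filter set to none or not set, vpn-tunnel-protocol left at its default). The configuration text is a constructed sample, the Contractors and Legacy policy names are hypothetical, and the parser assumes each attribute appears indented under its group-policy line in the form typed on this page.

```python
import re

# Constructed sample: attribute blocks built from the commands shown on this page.
SAMPLE_CONFIG = """\
group-policy FirstGroup attributes
 vpn-filter acl_vpn
 vpn-tunnel-protocol IPSec
 password-storage disable
group-policy Contractors attributes
 vpn-filter none
 vpn-tunnel-protocol webvpn l2tp-ipsec
 password-storage enable
group-policy Legacy attributes
 password-storage disable
"""

HEADER = re.compile(r"^group-policy\s+(\S+)\s+attributes\s*$")

def parse_group_policies(text):
    """Return {policy name: {command: [arguments]}} for each attributes block."""
    policies, current = {}, None
    for line in text.splitlines():
        match = HEADER.match(line.strip())
        if match:
            current = policies.setdefault(match.group(1), {})
        elif current is not None and line[:1].isspace() and line.strip():
            command, *args = line.split()
            current[command] = args
        else:
            current = None  # any other top-level line ends the block
    return policies

def audit(policies):
    """Return sorted (policy, finding) pairs for settings worth reviewing."""
    findings = []
    for name, attrs in policies.items():
        if attrs.get("password-storage") == ["enable"]:
            findings.append((name, "password-storage enabled (default is disabled)"))
        acl = [a for a in attrs.get("vpn-filter", []) if a != "value"]  # optional keyword
        if acl == ["none"]:
            findings.append((name, "vpn-filter none: no access list applied"))
        elif not acl:
            findings.append((name, "vpn-filter not set: value may be inherited"))
        if "vpn-tunnel-protocol" not in attrs:
            findings.append((name, "vpn-tunnel-protocol not set: default is IPSec"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(parse_group_policies(SAMPLE_CONFIG)), sep="\n")
```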


This manual is also suitable for:

ASA 5500 Series
