Configuring Address Pools - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 30
Configuring Connection Profiles, Group Policies, and Users
Group Policies
The following example disables inheritance and specifies that all hosts will be subject to posture
validation:
hostname(config-group-policy)# no vpn-nac-exempt none
hostname(config-group-policy)#
The following example removes all entries from the exemption list:
hostname(config-group-policy)# no vpn-nac-exempt
hostname(config-group-policy)#
Step 5
Enable or disable Network Admission Control by entering the following command:
hostname(config-group-policy)# nac {enable | disable}
hostname(config-group-policy)#
To inherit the NAC setting from the default group policy, access the alternative group policy from which
to inherit it, then use the no form of this command:
hostname(config-group-policy)# no nac [enable | disable]
hostname(config-group-policy)#
By default, NAC is disabled. Enabling NAC requires posture validation for remote access. If the remote
computer passes the validation checks, the ACS server downloads the access policy for the security
appliance to enforce.
An Access Control Server must be present on the network.
The following example enables NAC for the group policy:
hostname(config-group-policy)# nac enable
hostname(config-group-policy)#

Configuring Address Pools

Configure a list of address pools for allocating addresses to remote clients by entering the address-pools
command in group-policy attributes configuration mode:
hostname(config-group-policy)# address-pools value address_pool1 [... address_pool6 ]
hostname(config-group-policy)#
The address-pools settings in this command override the local pool settings in the group. You can specify
a list of up to six local address pools to use for local address allocation.
The order in which you specify the pools is significant. The security appliance allocates addresses from
these pools in the order in which the pools appear in this command.
To remove the attribute from the group policy and enable inheritance from other sources of group policy,
use the no form of this command:
hostname(config-group-policy)# no address-pools value address_pool1 [... address_pool6 ]
hostname(config-group-policy)#
The command address-pools none disables this attribute from being inherited from other sources of
policy, such as the DefaultGrpPolicy:
hostname(config-group-policy)# address-pools none
hostname(config-group-policy)#
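The three states described above (an explicit pool list, address-pools none, and no entry at all) determine which pools a group policy actually uses, and the nac setting in Step 5 inherits the same way. The following Python audit is an added example, not part of the Cisco guide: it resolves the effective nac and address-pools values per group policy and reports where posture validation is off. It assumes attributes appear indented under "group-policy NAME attributes" lines and that the default group policy is named DfltGrpPolicy; the sample configuration and its policy and pool names are constructed.

```python
import re
MAX_POOLS = 6  # the guide allows up to six local address pools per group policy
# Constructed sample; names are made up. DfltGrpPolicy is the assumed default policy name.
SAMPLE = """\
group-policy DfltGrpPolicy attributes
 nac disable
 address-pools value corp_a corp_b
group-policy Contractors attributes
 nac enable
 address-pools none
group-policy Sales attributes
 address-pools value sales_a corp_a
group-policy Guests attributes
 nac enable
"""

def parse(config):  # map each group policy to the attributes set explicitly under it
    policies, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):      # a top-level line opens or closes a block
            m = re.match(r"group-policy (\S+) attributes\s*$", line)
            cur = policies.setdefault(m.group(1), {}) if m else None
        elif cur is None or not words:
            continue
        elif words[0] == "nac" and words[1:] in (["enable"], ["disable"]):
            cur["nac"] = words[1]
        elif words[:2] == ["address-pools", "none"]:
            cur["pools"] = []             # explicit none: inheritance is blocked
        elif words[:2] == ["address-pools", "value"]:
            cur["pools"] = words[2:]      # listed order is the allocation order
    return policies

def effective(policies, name, default="DfltGrpPolicy"):  # (value, source) per attribute
    own = policies[name]
    base = {} if name == default else policies.get(default, {})
    pick = lambda a, unset: ((own[a], "explicit") if a in own else
                             (base[a], "inherited") if a in base else (unset, "unset"))
    return {"nac": pick("nac", "disable"), "pools": pick("pools", [])}

def audit(config):  # policies where NAC is effectively off or the pool list is too long
    policies, findings = parse(config), []
    for name in policies:
        eff = effective(policies, name)
        if eff["nac"][0] != "enable":
            findings.append((name, f"NAC disabled ({eff['nac'][1]})"))
        if len(eff["pools"][0]) > MAX_POOLS:
            findings.append((name, "more than six address pools"))
    return findings
```

On the sample, Sales is flagged because it inherits nac disable from the default policy, while Guests inherits the default pool list and Contractors gets no pools from any group policy.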
Cisco Security Appliance Command Line Configuration Guide
30-57
OL-12172-03


This manual is also suitable for:

ASA 5500 series
