Cisco PIX 500 Series Configuration Manual page 840

Security appliance command line

Enabling AnyConnect Client Connections
To do this, first enter the tunnel-group name general-attributes command to enter general-attributes
mode. Then specify the local IP address pool using the address-pool command.
In the following example, the user configures the existing tunnel group telecommuters to use the address
pool vpn_users created in step 3:
hostname(config)# tunnel-group telecommuters general-attributes
hostname(config-tunnel-general)# address-pool vpn_users
Step 4
Assign a default group policy to the tunnel group with the default-group-policy command from tunnel
group general attributes mode:
default-group-policy name
In the following example, the user assigns the group policy sales to the tunnel group telecommuters:
hostname(config-tunnel-general)# default-group-policy sales
Step 5
Create and enable a group alias that displays in the group list on the WebVPN Login page using the
group-alias command from tunnel group webvpn attributes mode:
group-alias name enable
First exit to global configuration mode, and then enter the tunnel-group name webvpn-attributes
command to enter tunnel group webvpn attributes mode.
In the following example, the user enters webvpn attributes configuration mode for the tunnel group
telecommuters, and creates the group alias sales_department:
hostname(config)# tunnel-group telecommuters webvpn-attributes
hostname(config-tunnel-webvpn)# group-alias sales_department enable
Step 6
Enable the display of the tunnel-group list on the WebVPN Login page from webvpn mode:
tunnel-group-list enable
First exit to global configuration mode, and then enter webvpn mode.
In the following example, the user enters webvpn mode, and then enables the tunnel group list:
hostname(config)# webvpn
hostname(config-webvpn)# tunnel-group-list enable
Step 7
Specify SSL as a permitted VPN tunneling protocol for the group or user with the vpn-tunnel-protocol
svc command in group-policy mode or username mode. You can also specify additional protocols. For
more information, see the vpn-tunnel-protocol command in the Cisco ASA 5500 Series Command
Reference.
vpn-tunnel-protocol svc
To do this, first exit to global configuration mode, enter the group-policy name attributes command to
enter group-policy mode, or the username name attributes command to enter username mode, and then
enter the webvpn command to enter webvpn mode and change the WebVPN settings for the group or
user.
The following example identifies SSL as the only permitted tunneling protocol for the group-policy
sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# vpn-tunnel-protocol svc
For more information about assigning users to group policies, see Chapter 30, "Configuring Connection
Profiles, Group Policies, and Users".

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 38, Configuring AnyConnect VPN Client Connections, page 38-4
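The following check is an added example, not part of the Cisco guide: it reads a saved configuration as text and reports which of Steps 3 through 7 above are missing for a given tunnel group. The sample configuration is constructed from the commands on this page, and the layout (sub-commands indented under the command that entered their mode) and the function names are assumptions.

```python
# Constructed sample; assumes sub-commands are indented under their mode command.
SAMPLE = """\
group-policy sales attributes
 webvpn
  vpn-tunnel-protocol svc
tunnel-group telecommuters general-attributes
 address-pool vpn_users
 default-group-policy sales
tunnel-group telecommuters webvpn-attributes
 group-alias sales_department enable
webvpn
 tunnel-group-list enable
"""

def parse_blocks(text):
    """Map each top-level command to the sub-commands indented beneath it."""
    blocks, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if not line[0].isspace():
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def args_of(cmds, keyword):
    """Arguments of the first sub-command that starts with keyword, else []."""
    return next((c.split()[1:] for c in cmds if c.split()[0] == keyword), [])

def audit(text, group):
    """Return the steps from this page that are missing for one tunnel group."""
    b, missing = parse_blocks(text), []
    general = b.get(f"tunnel-group {group} general-attributes", [])
    if not args_of(general, "address-pool"):
        missing.append("Step 3: address-pool")
    policy = args_of(general, "default-group-policy")
    if not policy:
        missing.append("Step 4: default-group-policy")
    alias = args_of(b.get(f"tunnel-group {group} webvpn-attributes", []), "group-alias")
    if alias[-1:] != ["enable"]:
        missing.append("Step 5: group-alias name enable")
    if "tunnel-group-list enable" not in b.get("webvpn", []):
        missing.append("Step 6: tunnel-group-list enable")
    # Step 7 is checked on the group policy that Step 4 assigned.
    policy_cmds = b.get(f"group-policy {policy[0]} attributes", []) if policy else []
    if "svc" not in args_of(policy_cmds, "vpn-tunnel-protocol"):
        missing.append("Step 7: vpn-tunnel-protocol svc")
    return missing
```

Calling audit(SAMPLE, "telecommuters") returns an empty list when every step is present; each missing step is returned as one entry naming the command to add.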
