Configuring Tunnel Groups - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 30
Configuring Tunnel Groups, Group Policies, and Users

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01

• One or more group aliases; these are alternate names by which the server can refer to a tunnel group. At login, the user selects the group name from a dropdown menu.
• One or more group URLs. If you configure this parameter, users coming in on a specified URL need not select a group at login.
• A group policy that grants a WebVPN user access rights that are different from the default group policy.
• The name of the NetBIOS Name Service server (nbns-server) to use for CIFS name resolution.

Configuring Tunnel Groups

The following sections describe the contents and configuration of tunnel groups:

• Default IPSec Remote Access Tunnel Group Configuration
• Specifying a Name and Type for the IPSec Remote Access Tunnel Group
• Configuring IPSec Remote-Access Tunnel Groups
• Configuring LAN-to-LAN Tunnel Groups
• Configuring WebVPN Tunnel Groups
• Customizing Login Windows for WebVPN Users

You can modify the default tunnel groups, and you can configure a new tunnel group as any of the three tunnel-group types. If you don't explicitly configure an attribute in a tunnel group, that attribute gets its value from the default tunnel group. The default tunnel-group type is ipsec-ra. The subsequent parameters depend upon your choice of tunnel type. To see the current configured and default configuration of all your tunnel groups, including the default tunnel group, enter the show running-config all tunnel-group command.

Default IPSec Remote Access Tunnel Group Configuration

The contents of the default remote-access tunnel group are as follows:

tunnel-group DefaultRAGroup type ipsec-ra
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 authentication-server-group LOCAL
 no authorization-server-group
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no nac-authentication-server-group
 no strip-realm
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 authorization-dn-attributes CN OU
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 100 retry 2
 isakmp ikev1-user-authentication xauth
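The inheritance rule described above, as an added example in Python that is not part of the Cisco guide: it parses tunnel-group configuration text and reports which attributes a group sets itself and which it picks up from DefaultRAGroup, which is what a configuration review needs to know for settings such as authentication-server-group. The group ExampleRA, the pool EXAMPLE_POOL and the two-word keying of isakmp subcommands are assumptions made for the example.

```python
# Added example (not Cisco code). DEFAULT_CFG is abridged from the DefaultRAGroup listing.
DEFAULT_CFG = """\
tunnel-group DefaultRAGroup type ipsec-ra
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 authentication-server-group LOCAL
 default-group-policy DfltGrpPolicy
 no password-management
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 isakmp keepalive threshold 100 retry 2
 isakmp ikev1-user-authentication xauth
"""
# Constructed sample: hypothetical group ExampleRA with two explicit settings.
CUSTOM_CFG = """\
tunnel-group ExampleRA type ipsec-ra
tunnel-group ExampleRA general-attributes
 address-pool EXAMPLE_POOL
tunnel-group ExampleRA ipsec-attributes
 isakmp keepalive threshold 30 retry 2
"""

def parse(text):
    """Return {group: {(section, attribute): value}}; None means 'no <attribute>'."""
    groups, section = {}, None
    for words in (line.split() for line in text.splitlines() if line.strip()):
        if words[0] == "tunnel-group":
            attrs, section = groups.setdefault(words[1], {}), words[2]
            if section == "type":
                attrs[("type", "type")] = words[3]
            continue
        negated = words[0] == "no"
        words = words[1:] if negated else words
        n = 2 if words[0] == "isakmp" else 1  # assumption: isakmp subcommands share a prefix
        attrs[(section, " ".join(words[:n]))] = None if negated else " ".join(words[n:])
    return groups

def effective(groups, name, default="DefaultRAGroup"):
    """Return (merged attributes, keys inherited from the default group)."""
    own, base = groups[name], groups[default]
    if own[("type", "type")] != base[("type", "type")]:
        raise ValueError("default group is of a different tunnel-group type")
    return {**base, **own}, set(base) - set(own)

if __name__ == "__main__":
    merged, inherited = effective(parse(DEFAULT_CFG + CUSTOM_CFG), "ExampleRA")
    for key in sorted(merged):
        print("inherited" if key in inherited else "explicit ", *key, merged[key])
```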


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
