Configuring Lan-To-Lan Tunnel Group General Attributes - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Configuring Tunnel Groups
Configuring LAN-to-LAN Tunnel Group General Attributes
To configure the tunnel group general attributes, do the following steps:
Enter tunnel-group general-attributes mode by specifying the general-attributes keyword:
Step 1
hostname(config)# tunnel-group_tunnel-group-name general-attributes
hostname(config-tunnel-general)#
The prompt changes to indicate that you are now in config-general mode, in which you configure the
tunnel-group general attributes.
For example, for the tunnel group named docs, enter the following command:
hostname(config)# tunnel-group_docs general-attributes
hostname(config-tunnel-general)#
Specify the name of the accounting-server group, if any, to use:
Step 2
hostname(config-tunnel-general)# accounting-server-group groupname
hostname(config-tunnel-general)#
For example, the following command specifies the use of the accounting-server group acctgserv1:
hostname(config-tunnel-general)# accounting-server-group acctgserv1
hostname(config-tunnel-general)#
Step 3
Specify the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy policyname
hostname(config-tunnel-general)#
For example, the following command specifies that the name of the default group policy is MyPolicy:
hostname(config-tunnel-general)# default-group-policy MyPolicy
hostname(config-tunnel-general)#
Configuring LAN-to-LAN IPSec Attributes
To configure the IPSec attributes, do the following steps:
To configure the tunnel-group IPSec attributes, enter tunnel-group ipsec-attributes configuration mode
Step 1
by entering the tunnel-group command with the IPSec-attributes keyword.
hostname(config)# tunnel-group tunnel-group-name ipsec-attributes
hostname(config-tunnel-ipsec)#
For example, the following command enters config-ipsec mode so you can configure the parameters for
the tunnel group named TG1:
hostname(config)# tunnel-group TG1 ipsec-attributes
hostname(config-tunnel-ipsec)#
The prompt changes to indicate that you are now in tunnel-group ipsec-attributes configuration mode.
Specify the preshared key to support IKE connections based on preshared keys.
Step 2
hostname(config-tunnel-ipsec)# pre-shared-key key
hostname(config-tunnel-ipsec)#
Cisco Security Appliance Command Line Configuration Guide
30-14
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
