Group Policy And User Attributes Pushed To The Client - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Guidelines for Configuring the Easy VPN Server

Group Policy and User Attributes Pushed to the Client

Upon tunnel establishment, the Easy VPN server pushes the values of the group policy or user attributes
stored in its configuration to the Easy VPN hardware client. Therefore, to change certain attributes
pushed to the Easy VPN hardware client, you must modify them on the security appliances configured
as the primary and secondary Easy VPN servers. This section identifies the group policy and user
attributes pushed to the Easy VPN hardware client.
Note: This section serves only as a reference. For complete instructions on configuring group policies and users, see Configuring Tunnel Groups, Group Policies, and Users, page 30-1.

Use Table 34-2 as a guide for determining which commands to enter to modify the group policy or user attributes.

Table 34-2 Group Policy and User Attributes Pushed to the Cisco ASA 5505 Configured as an EasyVPN Hardware Client

| Command | Description |
|---|---|
| backup-servers | Sets up backup servers on the client in case the primary server fails to respond. |
| banner | Sends a banner to the client after establishing a tunnel. |
| client-access-rule | Applies access rules. |
| client-firewall | Sets up the firewall parameters on the VPN client. |
| default-domain | Sends a domain name to the client. |
| dns-server | Specifies the IP address of the primary and secondary DNS servers, or prohibits the use of DNS servers. |
| dhcp-network-scope | Specifies the IP subnetwork to which the DHCP server assigns addresses to users within this group. |
| group-lock | Specifies a tunnel group to ensure that users connect to that group. |
| ipsec-udp | Uses UDP encapsulation for the IPSec tunnels. |
| ipsec-udp-port | Specifies the port number for IPSec over UDP. |
| nem | Enables or disables network extension mode. |
| password-storage | Lets the VPN user save a password in the user profile. |
| pfs | Commands the VPN client to use perfect forward secrecy. |
| re-xauth | Requires XAUTH authentication when IKE rekeys. Note: Disable re-xauth if secure unit authentication is enabled. |
| secure-unit-authentication | Enables interactive authentication for VPN hardware clients. |
| split-dns | Pushes a list of domains for name resolution. |

Chapter 34, Configuring Easy VPN Services on the ASA 5505. Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 34-10.
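The following is an added example, not part of the Cisco guide: a Python check that reads a saved Easy VPN server configuration, collects the Table 34-2 attributes set in each group-policy or username attributes block, and flags blocks where re-xauth and secure-unit-authentication are both enabled, the combination the re-xauth note above says to avoid. The policy names, addresses and sample text are constructed, and the block layout (a header line followed by lines indented with a space) is an assumption about how the saved configuration is formatted.

```python
import re

# Commands listed in Table 34-2 (attributes pushed to the hardware client).
PUSHED = {
    "backup-servers", "banner", "client-access-rule", "client-firewall",
    "default-domain", "dns-server", "dhcp-network-scope", "group-lock",
    "ipsec-udp", "ipsec-udp-port", "nem", "password-storage", "pfs",
    "re-xauth", "secure-unit-authentication", "split-dns",
}
HEADER = re.compile(r"^(group-policy|username)\s+(\S+)\s+attributes\s*$")

def parse_pushed(config):
    """Return {(kind, name): {command: arguments}} for Table 34-2 commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = blocks.setdefault((m.group(1), m.group(2)), {})
        elif line.startswith(" ") and current is not None:
            parts = line.split()
            if parts and parts[0] in PUSHED:
                current[parts[0]] = " ".join(parts[1:])
        else:
            current = None  # any other top-level line ends the block
    return blocks

def reauth_conflicts(blocks):
    """Names where re-xauth and secure-unit-authentication are both enabled."""
    return sorted(name for (_, name), a in blocks.items()
                  if a.get("re-xauth") == "enable"
                  and a.get("secure-unit-authentication") == "enable")

# Constructed sample in the assumed saved-configuration layout (not real).
SAMPLE = """\
group-policy EZVPN-BRANCH internal
group-policy EZVPN-BRANCH attributes
 dns-server value 192.0.2.10 192.0.2.11
 vpn-idle-timeout 30
 password-storage disable
 re-xauth enable
 secure-unit-authentication enable
group-policy EZVPN-LAB attributes
 re-xauth disable
 secure-unit-authentication enable
 split-dns value example.com
"""

if __name__ == "__main__":
    print(reauth_conflicts(parse_pushed(SAMPLE)))
```

The check only sees attributes set explicitly in each block; values a policy inherits from another group policy are not resolved here.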

This manual is also suitable for:

Pix 500 series, Cisco ASA 5500 series
