Cisco FirePOWER ASA 5500 series Configuration Manual page 675
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 34
Configuring Easy VPN Services on the ASA 5505
Table 34-2
Command
split-tunnel-network-list
split-tunnel-policy
user-authentication
vpn-access-hours
vpn-filter
vpn-idle-timeout
vpn-session-timeout
vpn-simultaneous-logins
vpn-tunnel-protocol
wins-server
IPSec NAT-T connections are the only IPSec connection types supported on the home VLAN of a Cisco
Note
ASA 5505. IPSec over TCP and native IPSec connections are not supported.
OL-10088-01
Group Policy and User Attributes Pushed to the Cisco ASA 5505 Configured as an
EasyVPN Hardware Client (continued)
Description
Specifies one of the following:
•
No access list exists for split tunneling. All traffic travels across the
tunnel.
•
Identifies the access list the security appliance uses to distinguish
networks that require tunneling and those that do not.
Split tunneling lets a remote-access IPSec client conditionally direct
packets over an IPSec tunnel in encrypted form, or to a network interface
in cleartext form. With split-tunneling enabled, packets not bound for
destinations on the other side of the IPSec tunnel do not have to be
encrypted, sent across the tunnel, decrypted, and then routed to a final
destination.
Lets a remote-access IPSec client conditionally direct packets over an
IPSec tunnel in encrypted form, or to a network interface in cleartext form.
Options include the following:
split-tunnel-policy—Indicates that you are setting rules for tunneling
•
traffic.
excludespecified—Defines a list of networks to which traffic goes in
•
the clear.
tunnelall—Specifies that no traffic goes in the clear or to any other
•
destination than the Easy VPN server. Remote users reach Internet
networks through the corporate network and do not have access to
local networks.
•
tunnelspecified—Tunnels all traffic from or to the specified networks.
This option enables split tunneling. It lets you create a network list of
addresses to tunnel. Data to all other addresses travels in the clear, and
is routed by the remote user's internet service provider.
Enables individual user authentication for hardware-based VPN clients.
Restricts VPN access hours.
Applies a filter to VPN traffic.
Specifies the number of minutes a session can be idle before it times out.
Specifies the maximum number of minutes for VPN connections.
Specifies the maximum number of simultaneous logins.
Specifies the permitted tunneling protocols.
Specifies the IP address of the primary and secondary WINS servers, or
prohibits the use of WINS servers.
Cisco Security Appliance Command Line Configuration Guide
Guidelines for Configuring the Easy VPN Server
34-11
Advertisement
Table of Contents
Troubleshooting
