Connection Profile Connection Parameters For Clientless Ssl Vpn Sessions - Cisco PIX 500 Series Configuration Manual

Chapter 30 Configuring Connection Profiles, Group Policies, and Users
Note
•
•
•

Connection Profile Connection Parameters for Clientless SSL VPN Sessions

Table 30-1
addition to these attributes, you configure general connection profile attributes common to all VPN
connections. For step-by-step information on configuring connection profiles, see
Connection Profiles for Clientless SSL VPN Sessions"
Group Policies, and Users."
In earlier releases, "connection profiles" were known as "tunnel groups." You configure a connection
Note
profile with tunnel-group commands. This chapter often uses these terms interchangeably.
Table 30-1
Command
authentication
customization
nbns-server
group-alias
group-url
dns-group
OL-12172-03
If you have a LAN-to-LAN configuration using IKE main mode, make sure that the two peers
have the same IKE keepalive configuration. Both peers must have IKE keepalives enabled or
both peers must have it disabled.
If you configure authentication using digital certificates, you can specify whether to send the entire
certificate chain (which sends the peer the identity certificate and all issuing certificates) or just the
issuing certificates (including the root certificate and any subordinate CA certificates).
You can notify users who are using outdated versions of Windows client software that they need to
update their client, and you can provide a mechanism for them to get the updated client version. For
VPN 3002 hardware client users, you can trigger an automatic update. You can configure and change
the client-update, either for all connection profiles or for particular connection profiles.
If you configure authentication using digital certificates, you can specify the name of the trustpoint
that identifies the certificate to send to the IKE peer.
provides a list of connection profile attributes that are specific to clientless SSL VPN. In
Connection Profile Attributes for Clientless SSL VPN
Function
Sets the authentication method, AAA or certificate.
Identifies the name of a previously defined customization to apply.
Customizations determine the appearance of the windows that the user
sees upon login. You configure the customization parameters as part of
configuring clientless SSL VPN.
Identifies the name of the NetBIOS Name Service server (nbns-server) to
use for CIFS name resolution.
Specifies one or more alternate names by which the server can refer to a
connection profile. At login, the user selects the group name from a
dropdown menu.
Identifies one or more group URLs. If you configure this attribute, users
coming in on a specified URL need not select a group at login.
Identifies the DNS server group that specifies the DNS server name,
domain name, name server, number of retries, and timeout values for a
DNS server to use for a connection profile.
in Chapter 30, "Configuring Connection Profiles,
Cisco Security Appliance Command Line Configuration Guide
Connection Profiles
"Configuring
30-5