Configuring Ipsec Remote-Access Connection Profile General Attributes - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring Connection Profiles
Configuring IPSec Remote-Access Connection Profile General Attributes
To configure or change the connection profile general attributes, specify the parameters in the following
steps.
To configure the general attributes, enter the tunnel-group general-attributes command, which enters
Step 1
tunnel-group general-attributes configuration mode. The prompt changes to indicate the change in mode.
hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#
Step 2
Specify the name of the authentication-server group, if any, to use. If you want to use the LOCAL
database for authentication if the specified server group fails, append the keyword LOCAL:
hostname(config-tunnel-general)# authentication-server-group [(interface_name)] groupname
[LOCAL]
hostname(config-tunnel-general)#
The name of the authentication server group can be up to 16 characters long.
You can optionally configure interface-specific authentication by including the name of an interface after
the group name. The interface name, which specifies where the IPSec tunnel terminates, must be
enclosed in parentheses. The following command configures interface-specific authentication for the
interface named test using the server named servergroup1 for authentication:
hostname(config-tunnel-general)# authentication-server-group (test) servergroup1
hostname(config-tunnel-general)#
Specify the name of the authorization-server group, if any, to use. When you configure this value, users
Step 3
must exist in the authorization database to connect:
hostname(config-tunnel-general)# authorization-server-group groupname
hostname(config-tunnel-general)#
The name of the authorization server group can be up to 16 characters long. For example, the following
command specifies the use of the authorization-server group FinGroup:
hostname(config-tunnel-general)# authorization-server-group FinGroup
hostname(config-tunnel-general)#
Specify the name of the accounting-server group, if any, to use:
Step 4
hostname(config-tunnel-general)# accounting-server-group groupname
hostname(config-tunnel-general)#
The name of the accounting server group can be up to 16 characters long. For example, the following
command specifies the use of the accounting-server group named comptroller:
hostname(config-tunnel-general)# accounting-server-group comptroller
hostname(config-tunnel-general)#
Step 5
Specify the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy policyname
hostname(config-tunnel-general)#
The name of the group policy can be up to 64 characters long. The following example sets DfltGrpPolicy
as the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy DfltGrpPolicy
hostname(config-tunnel-general)#
Cisco Security Appliance Command Line Configuration Guide
30-8
Chapter 30
Configuring Connection Profiles, Group Policies, and Users
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
