Configuring Connection Profiles
Default LAN-to-LAN Connection Profile Configuration
The contents of the default LAN-to-LAN connection profile are as follows:
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
no pre-shared-key
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 10 retry 2
LAN-to-LAN connection profiles have fewer parameters than remote-access connection profiles, and
most of these are the same for both groups. For your convenience in configuring the connection, they are
listed separately here. Any parameters that you do not explicitly configure inherit their values from the
default connection profile.
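The inheritance rule above can be checked offline against a saved configuration. The following Python code is an added example, not part of the Cisco guide or of any Cisco tool: it resolves each ipsec-l2l profile against DefaultL2LGroup and reports profiles that still have no pre-shared-key or trust-point, or whose peer-id-validate is no longer req. The function names and the sample configuration are constructed for illustration, nocheck is an ASA option not shown on this page, and the input is assumed to contain only tunnel-group stanzas.

```python
import re

# DefaultL2LGroup values as listed on this page (None = the "no ..." form).
DEFAULTS = {"accounting-server-group": None, "default-group-policy": "DfltGrpPolicy",
            "pre-shared-key": None, "peer-id-validate": "req", "chain": None,
            "trust-point": None, "isakmp keepalive": "threshold 10 retry 2"}
STANZA = re.compile(r"tunnel-group (\S+) (?:type (\S+)|general-attributes|ipsec-attributes)$")

def parse_profiles(text):
    """Map profile name -> {"type": ..., "attrs": {...}} from tunnel-group stanzas."""
    profiles, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = STANZA.match(line)
        if m:
            cur = profiles.setdefault(m.group(1), {"type": None, "attrs": {}})
            cur["type"] = m.group(2) or cur["type"]
        elif cur is not None:
            negated = line.startswith("no ")
            body = line[3:] if negated else line
            for key in DEFAULTS:
                if body == key or body.startswith(key + " "):
                    cur["attrs"][key] = None if negated else body[len(key):].strip()
    return profiles

def audit_l2l(text):
    """Return {profile: [issues]}; unset attributes are inherited from DefaultL2LGroup."""
    profiles, report = parse_profiles(text), {}
    base = {**DEFAULTS, **profiles.get("DefaultL2LGroup", {}).get("attrs", {})}
    for name, prof in profiles.items():
        if prof["type"] == "ipsec-l2l" and name != "DefaultL2LGroup":
            eff, issues = {**base, **prof["attrs"]}, []
            if eff["pre-shared-key"] is None and eff["trust-point"] is None:
                issues.append("no pre-shared-key or trust-point set or inherited")
            if eff["peer-id-validate"] != "req":
                issues.append("peer-id-validate is not req")
            report[name] = issues
    return report

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
tunnel-group docs type ipsec-l2l
tunnel-group docs general-attributes
 accounting-server-group acctgserv1
tunnel-group lab type ipsec-l2l
tunnel-group lab ipsec-attributes
 pre-shared-key *****
 peer-id-validate nocheck
"""
```

Calling audit_l2l(SAMPLE) reports docs as having no authentication material and lab as having peer ID validation relaxed.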
Specifying a Name and Type for a LAN-to-LAN Connection Profile
To specify a name and a type for a connection profile, enter the tunnel-group command, as follows:
hostname(config)# tunnel-group tunnel_group_name type tunnel_type
For a LAN-to-LAN tunnel, the type is ipsec-l2l; for example, to create the LAN-to-LAN connection
profile named docs, enter the following command:
hostname(config)# tunnel-group docs type ipsec-l2l
hostname(config)#
Configuring LAN-to-LAN Connection Profile General Attributes
To configure the connection profile general attributes, perform the following steps:
Step 1
Enter tunnel-group general-attributes mode by specifying the general-attributes keyword:
hostname(config)# tunnel-group tunnel-group-name general-attributes
hostname(config-tunnel-general)#
The prompt changes to indicate that you are now in config-general mode, in which you configure the
tunnel-group general attributes.
For example, for the connection profile named docs, enter the following command:
hostname(config)# tunnel-group docs general-attributes
hostname(config-tunnel-general)#
Step 2
Specify the name of the accounting-server group, if any, to use:
hostname(config-tunnel-general)# accounting-server-group groupname
hostname(config-tunnel-general)#
For example, the following command specifies the use of the accounting-server group acctgserv1:
hostname(config-tunnel-general)# accounting-server-group acctgserv1
hostname(config-tunnel-general)#
Cisco Security Appliance Command Line Configuration Guide
30-16
Chapter 30
Configuring Connection Profiles, Group Policies, and Users
OL-12172-03