Cisco PIX 500 Series Configuration Manual page 656

Security appliance command line

Group Policies
Step 4
Configure a maximum amount of time for VPN connections, using the vpn-session-timeout command
in group-policy configuration mode or in username configuration mode.
hostname(config-group-policy)# vpn-session-timeout {minutes | none}
hostname(config-group-policy)#
The minimum time is 1 minute, and the maximum time is 35791394 minutes. There is no default value.
At the end of this period of time, the security appliance terminates the connection.
A group policy can inherit this value from another group policy. To prevent inheriting a value, enter the
none keyword instead of specifying a number of minutes with this command. Specifying the none
keyword permits an unlimited session timeout period and sets session timeout with a null value, which
disallows a session timeout.
The following example shows how to set a VPN session timeout of 180 minutes for the group policy
named FirstGroup:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# vpn-session-timeout 180
hostname(config-group-policy)#
Step 5
Choose one of the following options to specify an egress VLAN (also called "VLAN mapping") for
remote access or specify an ACL to filter the traffic:
- Enter the following command in group-policy configuration mode to specify the egress VLAN for
  remote access VPN sessions assigned to this group policy or to a group policy that inherits this group
  policy:
  hostname(config-group-policy)# [no] vlan {vlan_id | none}
  no vlan removes the vlan_id from the group policy. The group policy inherits the vlan value from
  the default group policy.
  vlan none removes the vlan_id from the group policy and disables VLAN mapping for this group
  policy. The group policy does not inherit the vlan value from the default group policy.
  vlan_id in the command vlan vlan_id is the number of the VLAN, in decimal format, to assign to
  remote access VPN sessions that use this group policy. The VLAN must be configured on this
  security appliance per the instructions in the "Configuring VLAN Subinterfaces and 802.1Q Trunking"
  procedure on page 5-7.
  none disables the assignment of a VLAN to the remote access VPN sessions that match this group
  policy.
  Note
  The egress VLAN feature works for HTTP connections, but not for FTP and CIFS.
- Specify the name of the ACL to apply to VPN session, using the vpn-filter command in group policy
  mode. (You can also configure this attribute in username mode, in which case the value configured
  under username supersedes the group-policy value.)
  hostname(config-group-policy)# vpn-filter {value ACL name | none}
  hostname(config-group-policy)#
  You configure ACLs to permit or deny various types of traffic for this group policy. You then enter
  the vpn-filter command to apply those ACLs.
  To remove the ACL, including a null value created by entering the vpn-filter none command, enter
  the no form of this command. The no option allows inheritance of a value from another group policy.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 30 Configuring Connection Profiles, Group Policies, and Users
30-40
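An added example (not from the Cisco guide): a short Python audit that reads group-policy attribute blocks from a saved configuration and reports policies whose effective vpn-session-timeout or vpn-filter is none or unset, resolving unset values through inheritance as Steps 4 and 5 describe. The sample configuration, the policy and ACL names, and the use of DfltGrpPolicy as the inheritance source are assumptions made for the illustration.

```python
import re

# Constructed sample configuration (not from the manual); policy and ACL names are made up.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-session-timeout 480
 vpn-filter value BASELINE_ACL
group-policy FirstGroup attributes
 vpn-session-timeout 180
group-policy Contractors attributes
 vpn-session-timeout none
 vpn-filter none
 vlan 20
"""

DEFAULT_POLICY = "DfltGrpPolicy"   # assumption: name of the default group policy
ATTRS = ("vpn-session-timeout", "vpn-filter", "vlan")

def parse_policies(config):
    """Return {policy_name: {attribute: value}} for explicitly set attributes."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words and words[0] in ATTRS:
                # "vpn-filter value NAME" -> NAME; "vlan 20" -> 20; "... none" -> none
                current[words[0]] = words[-1]
        else:
            current = None   # any other top-level line ends the attribute block
    return policies

def effective(policies, name, attr):
    """An explicit value (including none) wins; otherwise inherit from the default policy."""
    own = policies[name].get(attr)
    return own if own is not None else policies.get(DEFAULT_POLICY, {}).get(attr)

def audit(config):
    """List (policy, finding) pairs for sessions that are unbounded in time or unfiltered."""
    policies, findings = parse_policies(config), []
    for name in policies:
        if effective(policies, name, "vpn-session-timeout") in (None, "none"):
            findings.append((name, "no session timeout"))
        if effective(policies, name, "vpn-filter") in (None, "none"):
            findings.append((name, "no vpn-filter ACL"))
    return findings
```

The audit does not model username-mode overrides, which the guide says supersede the group-policy value for vpn-filter.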
