Overview Of Tunnel Groups, Group Policies, And Users - Cisco FirePOWER ASA 5500 series Configuration Manual


CHAPTER 30
Configuring Tunnel Groups, Group Policies, and Users
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 30-1

This chapter describes how to configure VPN tunnel groups, group policies, and users. This chapter includes the following sections:

Overview of Tunnel Groups, Group Policies, and Users, page 30-1
Configuring Tunnel Groups, page 30-5
Group Policies, page 30-30
Configuring User Attributes, page 30-69

In summary, you first configure tunnel groups to set the values for the connection. Then you configure group policies, which set values for users in the aggregate. Then you configure users, who can inherit values from group policies and can also have certain values set on an individual basis. This chapter describes how and why to configure these entities.

Overview of Tunnel Groups, Group Policies, and Users

Groups and users are core concepts in managing the security of virtual private networks (VPNs) and in configuring the security appliance. They specify attributes that determine user access to and use of the VPN. A group is a collection of users treated as a single entity. Users get their attributes from group policies. Tunnel groups identify the group policy for a specific connection. If you do not assign a particular group policy to a user, the default group policy for the connection applies.

Tunnel groups and group policies simplify system management. To streamline the configuration task, the security appliance provides a default LAN-to-LAN tunnel group, a default remote access tunnel group, a default WebVPN tunnel group, and a default group policy (DfltGrpPolicy). The default tunnel groups and group policy provide settings that are likely to be common for many users. As you add users, you can specify that they "inherit" parameters from a group policy. Thus you can quickly configure VPN access for large numbers of users.

If you decide to grant identical rights to all VPN users, then you do not need to configure specific tunnel groups or group policies, but VPNs seldom work that way. For example, you might allow a finance group to access one part of a private network, a customer support group to access another part, and an MIS group to access other parts. In addition, you might allow specific users within MIS to access systems that other MIS users cannot access. Tunnel groups and group policies provide the flexibility to do so securely.
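As an added example (this configuration is not from the guide; the names FinanceRA, FinanceGrpPolicy, FINANCE_POOL, FINANCE_NET, jdoe and asmith are constructed), the following fragment wires the three layers described above together: a tunnel group that names a group policy as its default, the group policy that holds the aggregate values, and two users, one inheriting every value and one overriding a single value. The vpn-filter direction convention stated in the comments is an assumption to verify against the vpn-filter command reference before relying on it.

```cisco
! Added illustration, not text from the guide. All object names are constructed.

! 1. Resources the policies refer to: a client address pool and an ACL that limits
!    what tunnelled traffic may reach. Assumption: vpn-filter ACLs are written with
!    the remote client as source and the protected network as destination.
ip local pool FINANCE_POOL 192.168.100.1-192.168.100.50 mask 255.255.255.0
access-list FINANCE_NET extended permit ip 192.168.100.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list FINANCE_NET extended deny ip any any

! 2. Group policy: attribute values applied to the finance users in the aggregate.
group-policy FinanceGrpPolicy internal
group-policy FinanceGrpPolicy attributes
 vpn-tunnel-protocol ipsec
 vpn-filter value FINANCE_NET
 vpn-idle-timeout 30
 vpn-simultaneous-logins 1

! 3. Tunnel group: connection parameters plus the group policy that applies by
!    default to anyone connecting through it (instead of DfltGrpPolicy).
!    "ipsec-ra" is the IPsec remote-access type keyword in this CLI generation.
tunnel-group FinanceRA type ipsec-ra
tunnel-group FinanceRA general-attributes
 address-pools value FINANCE_POOL
 default-group-policy FinanceGrpPolicy
tunnel-group FinanceRA ipsec-attributes
 pre-shared-key REPLACE_WITH_STRONG_PSK

! 4. Users. asmith sets no VPN attributes, so every value comes from the tunnel
!    group's default group policy. jdoe is pinned to FinanceGrpPolicy explicitly and
!    overrides one value; everything not set here is still inherited from the policy.
!    The passwords are placeholders.
username asmith password REPLACE_ME
username jdoe password REPLACE_ME
username jdoe attributes
 vpn-group-policy FinanceGrpPolicy
 vpn-idle-timeout 15
```

Read the result bottom-up to see the inheritance order the overview describes: a value set under username attributes wins, then the group policy named for the user or the tunnel group, then DfltGrpPolicy for anything left unset.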

This manual also applies to the Cisco PIX 500 series and the Cisco ASA 5500 series.
