Configuring Ipsec Tunnel-Group General Attributes - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Configuring Tunnel Groups
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
Configuring IPSec Tunnel-Group General Attributes
The general attributes are common across more than one tunnel-group type. IPSec remote access and
WebVPN tunnels share most of the same general attributes. IPSec LAN-to-LAN tunnels use a subset.
Refer to the Cisco Security Appliance Command Reference for complete descriptions of all commands.
The following sections describe, in order, how to configure IPSec remote-access tunnel groups, IPSec
LAN-to-LAN tunnel groups, and WebVPN tunnel groups.
Configuring IPSec Remote-Access Tunnel Groups
Use an IPSec remote-access tunnel group when setting up a connection between a remote client and a
central-site security appliance, using a hardware or software client.To configure an IPSec remote-access
tunnel group, first configure the tunnel-group general attributes, then the IPSec remote-access attributes.
An IPSec Remote Access VPN tunnel group applies only to remote-access IPSec client connections. To
configure an IPSec remote-access tunnel group, see the following sections:
•
•
•
Specifying a Name and Type for the IPSec Remote Access Tunnel Group
Create the tunnel group, specifying its name and type, by entering the tunnel-group command. For an
IPSec remote-access tunnel, the type is ipsec-ra
hostname(config)# tunnel-group tunnel_group_name type ipsec-ra
hostname(config)#
For example, to create an IPSec remote-access tunnel-group named TunnelGroup1, enter the following
command:
hostname(config)# tunnel-group TunnelGroup1 type ipsec-ra
hostname(config)#
Configuring IPSec Remote-Access Tunnel Group General Attributes
To configure or change the tunnel group general attributes, specify the parameters in the following steps.
To configure the general attributes, enter tunnel-group general-attributes command, which enters
Step 1
tunnel-group general-attributes configuration mode. The prompt changes to indicate the change in mode.
hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#
Cisco Security Appliance Command Line Configuration Guide
30-6
Specifying a Name and Type for the IPSec Remote Access Tunnel Group, page
Configuring IPSec Remote-Access Tunnel Group General Attributes, page
Configuring IPSec Remote-Access Tunnel Group IPSec Attributes, page
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
30-6.
30-6.
30-10.
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
