Cisco FirePOWER ASA 5500 series Configuration Manual page 561

Security appliance command line

Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
Step 2
Specify the name of the authentication-server group, if any, to use. If you want to use the LOCAL
database for authentication if the specified server group fails, append the keyword LOCAL:
hostname(config-tunnel-general)# authentication-server-group [(interface_name)] groupname [LOCAL]
hostname(config-tunnel-general)#
You can optionally configure interface-specific authentication by including the name of an interface after
the group name. The interface name, which specifies where the IPSec tunnel terminates, must be
enclosed in parentheses. The following command configures interface-specific authentication for the
interface named test using the server named servergroup1 for authentication:
hostname(config-tunnel-general)# authentication-server-group (test) servergroup1
hostname(config-tunnel-general)#
Step 3
Specify the name of the authorization-server group, if any, to use. When you configure this value, users
must exist in the authorization database to connect:
hostname(config-tunnel-general)# authorization-server-group groupname
hostname(config-tunnel-general)#
For example, the following command specifies the use of the authorization-server group FinGroup:
hostname(config-tunnel-general)# authorization-server-group FinGroup
hostname(config-tunnel-general)#
Step 4
Specify the name of the accounting-server group, if any, to use:
hostname(config-tunnel-general)# accounting-server-group groupname
hostname(config-tunnel-general)#
For example, the following command specifies the use of the accounting-server group named
comptroller:
hostname(config-tunnel-general)# accounting-server-group comptroller
hostname(config-tunnel-general)#
Step 5
Specify the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy policyname
hostname(config-tunnel-general)#
The following example sets DfltGrpPolicy as the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy DfltGrpPolicy
hostname(config-tunnel-general)#
Step 6
Specify the names or IP addresses of the DHCP server (up to 10 servers), and the names of the DHCP
address pools (up to 6 pools). The defaults are no DHCP server and no address pool.
hostname(config-tunnel-general)# dhcp-server server1 [...server10]
hostname(config-tunnel-general)# address-pool [(interface name)] address_pool1 [...address_pool6]
hostname(config-tunnel-general)#
Note
You configure address pools with the ip local pool command in global configuration mode.
The interface name must be enclosed in parentheses.
OL-10088-01
Cisco Security Appliance Command Line Configuration Guide
Configuring Tunnel Groups
30-7
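The following is an added example, not part of the Cisco guide: a short Python check that reads a saved configuration and reports, for each tunnel group, the AAA points set in Steps 2 through 4 (whether authentication falls back to LOCAL, and whether an authorization or accounting server group is missing). The sample configuration is constructed, the function names are hypothetical, and the layout with subcommands indented under the tunnel-group general-attributes line is an assumption.

```python
import re

# Constructed running-config fragment (not from the guide); assumes indented subcommands.
SAMPLE_CONFIG = """\
tunnel-group RemoteVPN type ipsec-ra
tunnel-group RemoteVPN general-attributes
 authentication-server-group (test) servergroup1 LOCAL
 authorization-server-group FinGroup
 accounting-server-group comptroller
 default-group-policy DfltGrpPolicy
tunnel-group Partners general-attributes
 authentication-server-group servergroup1
"""
HEADER = re.compile(r"^tunnel-group (\S+) general-attributes\s*$")
AUTH = re.compile(r"^authentication-server-group(?: \((\S+)\))? (\S+)( LOCAL)?$")
SINGLE = ("authorization-server-group", "accounting-server-group", "default-group-policy")

def parse_tunnel_groups(config):
    """Return {tunnel_group: settings} for every general-attributes block."""
    groups, current = {}, None
    for raw in config.splitlines():
        header = HEADER.match(raw)
        if header:
            current = groups.setdefault(header.group(1), {"auth": []})
        elif not raw.startswith(" "):
            current = None  # a non-indented line ends the block
        elif current is not None:
            auth = AUTH.match(raw.strip())
            if auth:  # Step 2: optional (interface), group name, optional LOCAL
                iface, group, local = auth.groups()
                current["auth"].append({"interface": iface, "group": group, "local_fallback": bool(local)})
            else:  # Steps 3-5: one keyword followed by one name
                keyword, _, value = raw.strip().partition(" ")
                if keyword in SINGLE:
                    current[keyword] = value
    return groups

def review(groups):
    """Per tunnel group, list the Step 2-4 AAA points a reviewer would check."""
    notes = []
    for name, cfg in groups.items():
        notes += [(name, f"LOCAL fallback if {a['group']} fails")
                  for a in cfg["auth"] if a["local_fallback"]]
        notes += [(name, f"no {k}") for k in SINGLE[:2] if k not in cfg]
    return notes

if __name__ == "__main__":
    print(*review(parse_tunnel_groups(SAMPLE_CONFIG)), sep="\n")
```

A tunnel group reported with no authorization-server-group is one where the Step 3 requirement that users exist in the authorization database is not in effect.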
