Configuring Lan-To-Lan Tunnel Groups - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
hostname(config-tunnel-ppp)# authentication ms-chap-v2
hostname(config-tunnel-ppp)#
The following command enables the use of the EAP-PROXY protocol for a PPP connection:
hostname(config-tunnel-ppp)# authentication eap-proxy
hostname(config-tunnel-ppp)#
The following command disables the use of the MS-CHAP, version 1 protocol for a PPP connection:
hostname(config-tunnel-ppp)# no authentication ms-chap-v1
hostname(config-tunnel-ppp)#

Configuring LAN-to-LAN Tunnel Groups

An IPSec LAN-to-LAN VPN tunnel group applies only to LAN-to-LAN IPSec client connections. While
many of the parameters that you configure are the same as for IPSec remote-access tunnel groups,
LAN-to-LAN tunnels have fewer parameters. To configure a LAN-to-LAN tunnel group, follow the
steps in this section.

Default LAN-to-LAN Tunnel Group Configuration

The contents of the default LAN-to-LAN tunnel group are as follows:
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 10 retry 2
LAN-to-LAN tunnel groups have fewer parameters than remote-access tunnel groups, and most of these
are the same for both groups. For your convenience in configuring the connection, they are listed
separately here. Any parameters that you do not explicitly configure inherit their values from the default
tunnel group.

Specifying a Name and Type for a LAN-to-LAN Tunnel Group

To specify a name and a type for a tunnel group, enter the tunnel-group command, as follows:
hostname(config)# tunnel-group tunnel_group_name type tunnel_type
For a LAN-to-LAN tunnel, the type is ipsec-l2l. For example, to create the LAN-to-LAN tunnel group
named docs, enter the following command:
hostname(config)# tunnel-group docs type ipsec-l2l
hostname(config)#
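
The inheritance from DefaultL2LGroup described in this section, as an added Python example that is not part of the Cisco guide: it parses tunnel-group configuration text, overlays each LAN-to-LAN group's explicit settings on the default group, and lists groups left with neither a pre-shared key nor a trustpoint. The keepalive values under docs, the function names, and the assumption that a tunnel needs one of those two credentials to authenticate its peer are illustrative.

```python
import re

# Constructed sample: ipsec-attributes of the default group from this section
# plus the "docs" group; the keepalive values under "docs" are hypothetical.
CONFIG = """\
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 10 retry 2
tunnel-group docs type ipsec-l2l
tunnel-group docs ipsec-attributes
 isakmp keepalive threshold 30 retry 5
"""
HEADER = re.compile(r"tunnel-group (\S+) (type|\S+-attributes)\s*(\S*)$")

def parse(text):
    """Return {group: {"type": ..., "<section>": {keyword: value or None}}}."""
    groups, section = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m and m.group(2) == "type":
            groups.setdefault(m.group(1), {})["type"], section = m.group(3), None
        elif m:
            section = groups.setdefault(m.group(1), {}).setdefault(m.group(2), {})
        elif line and section is not None:
            negated = line.startswith("no ")  # "no X" means X is unset
            key, _, value = line[3 * negated:].partition(" ")
            section[key] = None if negated else (value or True)
    return groups

def effective(groups, name, default="DefaultL2LGroup"):
    """Overlay a group's explicit settings on those of the default group."""
    merged = {}
    for source in (default, name):
        for section, settings in groups.get(source, {}).items():
            if section != "type":
                merged.setdefault(section, {}).update(settings)
    return merged

def missing_peer_auth(groups):
    """ipsec-l2l groups whose effective config has no key and no trustpoint."""
    return [name for name, g in groups.items() if g.get("type") == "ipsec-l2l"
            and not any(effective(groups, name).get("ipsec-attributes", {}).get(k)
                        for k in ("pre-shared-key", "trust-point"))]
```

With the sample, docs keeps its own keepalive setting but inherits peer-id-validate req and the unset pre-shared key, so both groups are reported by missing_peer_auth.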
OL-10088-01
Cisco Security Appliance Command Line Configuration Guide
Configuring Tunnel Groups

This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series