Configuring Webvpn Tunnel-Group General Attributes - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 30
Configuring Tunnel Groups, Group Policies, and Users

Configuring WebVPN Tunnel-Group General Attributes

To configure or change the tunnel group general attributes, specify the parameters in the following steps.
Step 1
To configure the general attributes, enter the tunnel-group general-attributes command, which enters
tunnel-group general-attributes configuration mode. Note that the prompt changes:
hostname(config)# tunnel-group tunnel_group_name general-attributes
hostname(config-tunnel-general)#
To configure the general attributes for TunnelGroup3, created in the previous section, enter the following
command:
hostname(config)# tunnel-group TunnelGroup3 general-attributes
hostname(config-tunnel-general)#
Step 2
Specify the name of the authentication-server group, if any, to use. If you want to use the LOCAL
database for authentication if the specified server group fails, append the keyword LOCAL:
hostname(config-tunnel-general)# authentication-server-group groupname [LOCAL]
hostname(config-tunnel-general)#
For example, to configure the authentication server group named test, and to provide fallback to the
LOCAL server if the authentication server group fails, enter the following command:
hostname(config-tunnel-general)# authentication-server-group test LOCAL
hostname(config-tunnel-general)#
The authentication-server-group name identifies a previously configured authentication server or group
of servers. Use the aaa-server command to configure authentication servers. The maximum length of
the group tag is 16 characters.
You can also configure interface-specific authentication by including the name of an interface in
parentheses before the group name. The following interfaces are available by default:
inside—Name of interface GigabitEthernet0/1
outside—Name of interface GigabitEthernet0/0
Other interfaces you have configured (using the interface command) are also available. The following
command configures interface-specific authentication for the interface named outside using the server
servergroup1 for authentication:
hostname(config-tunnel-general)# authentication-server-group (outside) servergroup1
hostname(config-tunnel-general)#
Step 3
Optionally, specify the name of the authorization-server group, if any, to use. If you are not using
authorization, go to Step 6. When you configure this value, users must exist in the authorization database
to connect:
hostname(config-tunnel-general)# authorization-server-group groupname
hostname(config-tunnel-general)#
Use the aaa-server command to configure authorization servers. The maximum length of the group tag
is 16 characters.
For example, the following command specifies the use of the authorization-server group FinGroup:
hostname(config-tunnel-general)# authorization-server-group FinGroup
hostname(config-tunnel-general)#
Step 4
Specify whether to require a successful authorization before allowing a user to connect. The default is
not to require authorization.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
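
The following is an added example, not part of the Cisco guide: a Python check for a draft configuration that reports server-group references with no aaa-server definition, group tags longer than the 16 characters the guide allows, and tunnel groups that fall back to the LOCAL database. The sample configuration is constructed; the name TunnelGroup4 and the `aaa-server <tag> protocol radius` lines are assumptions used for illustration.

```python
import re

MAX_TAG = 16  # maximum group tag length stated in the guide

# Constructed sample (not from the guide); TunnelGroup4 and the aaa-server lines are assumed.
SAMPLE_CONFIG = """\
aaa-server test protocol radius
aaa-server servergroup1 protocol radius
tunnel-group TunnelGroup3 general-attributes
 authentication-server-group test LOCAL
 authentication-server-group (outside) servergroup1
 authorization-server-group FinGroup
tunnel-group TunnelGroup4 general-attributes
 authentication-server-group averyveryverylonggroupname
"""

GROUP_LINE = re.compile(r"^tunnel-group\s+(\S+)\s+general-attributes\s*$")
SERVER_LINE = re.compile(r"^\s+(authentication|authorization)-server-group\s+"
                         r"(?:\((\S+)\)\s+)?(\S+)(\s+LOCAL)?\s*$")

def audit(config):
    """Return (location, message) findings for server-group references."""
    defined = set(re.findall(r"^aaa-server\s+(\S+)\s+protocol\b", config, re.M))
    defined.add("LOCAL")  # built-in local database, needs no aaa-server line
    findings, group = [], None
    for line in config.splitlines():
        m = GROUP_LINE.match(line)
        if m:
            group = m.group(1)
            continue
        if not line.startswith(" "):
            group = None  # any top-level line ends the general-attributes block
            continue
        m = SERVER_LINE.match(line) if group else None
        if not m:
            continue
        kind, iface, tag, local = m.groups()
        where = f"{group} {kind}" + (f" ({iface})" if iface else "")
        if len(tag) > MAX_TAG:
            findings.append((where, f"group tag '{tag}' exceeds {MAX_TAG} characters"))
        if tag not in defined:
            findings.append((where, f"server group '{tag}' has no aaa-server definition"))
        if local:
            findings.append((where, "falls back to LOCAL database if server group fails"))
    return findings

if __name__ == "__main__":
    for where, message in audit(SAMPLE_CONFIG):
        print(f"{where}: {message}")
```

The LOCAL fallback finding is informational: it lists the tunnel groups where local accounts become usable when the configured server group fails, so those accounts can be reviewed.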
