Cisco FirePOWER ASA 5500 series Configuration Manual page 572

Configuring Tunnel Groups
hostname(config-tunnel-ipsec)# authorization-required
hostname(config-tunnel-ipsec)#
Step 5
Specify the attribute or attributes to use in deriving a name for an authorization query from a certificate. This attribute specifies which part of the subject DN field to use as the username for authorization:
hostname(config-tunnel-ipsec)# authorization-dn-attributes {primary-attribute [secondary-attribute] | use-entire-name}
For example, the following command specifies the use of the CN attribute as the username for authorization:
hostname(config-tunnel-ipsec)# authorization-dn-attributes CN
hostname(config-tunnel-ipsec)#
The authorization-dn-attributes are C (Country), CN (Common Name), DNQ (DN qualifier), EA (E-mail Address), GENQ (Generational qualifier), GN (Given Name), I (Initials), L (Locality), N (Name), O (Organization), OU (Organizational Unit), SER (Serial Number), SN (Surname), SP (State/Province), T (Title), and UID (User ID).
Step 6
Optionally, specify the name of the accounting-server group, if any, to use. If you are not using accounting, go to Step 7. Use the aaa-server command to configure accounting servers. The maximum length of the group tag is 16 characters:
hostname(config-tunnel-general)# accounting-server-group groupname
hostname(config-tunnel-general)#
For example, the following command specifies the use of the accounting-server group comptroller:
hostname(config-tunnel-general)# accounting-server-group comptroller
hostname(config-tunnel-general)#
Step 7
Optionally, specify the name of the default group policy. The default value is DfltGrpPolicy:
hostname(config-tunnel-general)# default-group-policy policyname
hostname(config-tunnel-general)#
The following example sets MyDfltGrpPolicy as the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy MyDfltGrpPolicy
hostname(config-tunnel-general)#
Step 8
Optionally, specify the name or IP address of the DHCP server (up to 10 servers), and the names of the DHCP address pools (up to 6 pools). Separate the list items with spaces. The defaults are no DHCP server and no address pool. The interface name must be enclosed in parentheses.
hostname(config-tunnel-general)# dhcp-server server1 [...server10]
hostname(config-tunnel-general)# address-pool [(interface name)] address_pool1 [...address_pool6]
hostname(config-tunnel-general)#
Note
You configure address pools with the ip local pool command in global configuration mode. See Chapter 31, "Configuring IP Addresses for VPNs" for information about configuring address pools.
Step 9
Optionally, if your server is a RADIUS, RADIUS with NT, or LDAP server, you can enable password management.
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
30-18
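The following session is an added example and is not taken from the Cisco guide. It applies the settings from Step 5 through Step 8 to a single IPsec remote-access tunnel group so the pieces can be seen together, including the ip local pool command that the Note above refers to. Every name and address in it is constructed for illustration: the tunnel group rasales, the AAA server groups ldap-users and acct-radius (assumed to have been created earlier with the aaa-server command and selected in the authentication and authorization steps that precede Step 5), the group policy MyDfltGrpPolicy, the pool ras-pool, the interface name outside, and the DHCP server 10.10.10.5.

```cisco
! Added example, not from the Cisco guide. All names and addresses are constructed.
! Address pool is created in global configuration mode (see the Note under Step 8).
hostname(config)# ip local pool ras-pool 192.168.100.10-192.168.100.254 mask 255.255.255.0
! Create the IPsec remote-access tunnel group and enter general attributes.
hostname(config)# tunnel-group rasales type ipsec-ra
hostname(config)# tunnel-group rasales general-attributes
! Server groups assumed to exist from the aaa-server command and the earlier steps.
hostname(config-tunnel-general)# authentication-server-group ldap-users
hostname(config-tunnel-general)# authorization-server-group ldap-users
! Step 6: accounting-server group (group tag is 16 characters or fewer).
hostname(config-tunnel-general)# accounting-server-group acct-radius
! Step 7: default group policy for this tunnel group.
hostname(config-tunnel-general)# default-group-policy MyDfltGrpPolicy
! Step 8: address pool (interface name in parentheses) and one DHCP server.
hostname(config-tunnel-general)# address-pool (outside) ras-pool
hostname(config-tunnel-general)# dhcp-server 10.10.10.5
hostname(config-tunnel-general)# exit
! Step 4 and Step 5: require authorization and derive the username from the
! certificate subject DN, CN as the primary attribute and OU as the secondary.
hostname(config)# tunnel-group rasales ipsec-attributes
hostname(config-tunnel-ipsec)# authorization-required
hostname(config-tunnel-ipsec)# authorization-dn-attributes CN OU
hostname(config-tunnel-ipsec)# exit
! Verify what was applied to the tunnel group.
hostname(config)# show running-config tunnel-group rasales
```

The closing show running-config tunnel-group command lets you confirm that each attribute landed in the intended mode (general-attributes versus ipsec-attributes) before users are pointed at the group. The CN OU form uses the primary-attribute [secondary-attribute] syntax from Step 5; substitute use-entire-name if the authorization server is keyed on the full subject DN rather than on individual attributes.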