Enabling Svc - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 38
Configuring SSL VPN Client
1,0,0,164
Thu 02/17/2005 20:09:22.43
2 SSL VPN Client(s) installed
Enabling SVC
After installing SVC, you can enable SVC by performing the following steps:
Enable WebVPN on an interface using the enable command from webvpn mode:
Step 1
For example:
hostname(config)# webvpn
hostname(config-webvpn)# enable outside
From webvpn mode, enter the svc enable command to enable the security appliance to download SVC
Step 2
images to remote computers:
For example:
hostname(config-webvpn)# svc enable
Step 3
Configure a method of address assignment. You can use DHCP, and/or user-assigned addressing. You
can also create a local IP address pool using the ip local pool command from webvpn mode:
The following example creates the local IP address pool vpn_users:
hostname(config-webvpn)# ip local pool vpn_users 209.165.200.225-209.165.200.254
mask 255.255.255.224
Assign IP addresses to a tunnel group. One method you can use to do this is to configure a local IP
Step 4
address pool with the address-pool command from general-attributes mode:
To do this, first enter the tunnel-group name general-attributes command to enter general-attributes
mode. Then specify the local IP address pool using the address-pool command.
In the following example, the user configures the existing tunnel group telecommuters to use the address
pool vpn_users created in step 3:
hostname(config)# tunnel-group telecommuters general-attributes
hostname(config-tunnel-general)# address-pool vpn_users
Assign a default group policy to the tunnel group with the default-group-policy command from tunnel
Step 5
group general attributes mode:
In the following example, the user assigns the group policy sales to the tunnel group telecommuters:
hostname(config-tunnel-general)# default-group-policy sales
Step 6
Create and enable a group alias that displays in the group list on the WebVPN Login page using the
group-alias command from tunnel group webvpn attributes mode:
OL-10088-01
enable interface
svc enable
ip local pool poolname startaddr-endaddr mask mask
address-pool poolname
default-group-policy name
group-alias name enable
Cisco Security Appliance Command Line Configuration Guide
Enabling SVC
38-3
Advertisement
Table of Contents
Troubleshooting
