30-7
Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
Chapter 30 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
 no override-svc-download
 no radius-reject-message
 dns-group DefaultDNS
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 1500 retry 2
 no radius-sdi-xauth
 isakmp ikev1-user-authentication xauth
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
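The default PPP attributes listed above leave CHAP and MS-CHAPv1 enabled and MS-CHAPv2 disabled. The following Python script is an added example, not part of the Cisco guide: it parses the tunnel-group sections of a saved configuration listing and reports which connection profiles still enable legacy PPP authentication methods. The function names and the ExampleGroup profile are hypothetical, and the input is assumed to contain only the tunnel-group portion of the configuration.

```python
import re
# Legacy PPP authentication methods; PAP sends the password in cleartext.
LEGACY_PPP_AUTH = {"pap", "chap", "ms-chap-v1"}
HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+(\S+)-attributes$")

# Constructed sample: the DefaultRAGroup lines come from the default listing
# above; ExampleGroup is a hypothetical profile added for contrast.
SAMPLE = """\
tunnel-group DefaultRAGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
tunnel-group ExampleGroup type remote-access
tunnel-group ExampleGroup ppp-attributes
 no authentication ms-chap-v1
 authentication ms-chap-v2
"""

def parse_tunnel_groups(config_text):
    """Return {(group, section): {command: enabled}}; "no ..." means disabled.
    A section ends at the next tunnel-group line, so flat listings parse too."""
    sections, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.groups(), {})
        elif line.startswith("tunnel-group "):
            current = None  # e.g. "tunnel-group NAME type remote-access"
        elif line and current is not None:
            enabled = not line.startswith("no ")
            current[line if enabled else line[3:]] = enabled
    return sections

def legacy_ppp_auth(sections):
    """Map each group to the legacy PPP auth methods its ppp-attributes enable."""
    findings = {}
    for (group, section), commands in sections.items():
        enabled = {cmd.split()[1] for cmd, on in commands.items()
                   if section == "ppp" and on and cmd.startswith("authentication ")}
        if enabled & LEGACY_PPP_AUTH:
            findings[group] = sorted(enabled & LEGACY_PPP_AUTH)
    return findings

if __name__ == "__main__":
    print(legacy_ppp_auth(parse_tunnel_groups(SAMPLE)))
```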
Configuring IPSec Tunnel-Group General Attributes
The general attributes are common across more than one tunnel-group type. IPSec remote access and
clientless SSL VPN tunnels share most of the same general attributes. IPSec LAN-to-LAN tunnels use
a subset. Refer to the Cisco Security Appliance Command Reference for complete descriptions of all
commands. The following sections describe, in order, how to configure IPSec remote-access connection
profiles, IPSec LAN-to-LAN connection profiles, and clientless SSL VPN connection profiles.
Configuring IPSec Remote-Access Connection Profiles
Use an IPSec remote-access connection profile when setting up a connection between a remote client
and a central-site security appliance, using a hardware or software client. To configure an IPSec
remote-access connection profile, first configure the tunnel-group general attributes, then the IPSec
remote-access attributes. An IPSec Remote Access VPN connection profile applies only to
remote-access IPSec client connections. To configure an IPSec remote-access connection profile, see the
following sections:
• Specifying a Name and Type for the IPSec Remote Access Connection Profile, page 30-7.
• Configuring IPSec Remote-Access Connection Profile General Attributes, page 30-8.
• Configuring IPSec Remote-Access Connection Profile IPSec Attributes, page 30-12.
Specifying a Name and Type for the IPSec Remote Access Connection Profile
Create the connection profile, specifying its name and type, by entering the tunnel-group command. For
an IPSec remote-access tunnel, the type is remote-access:
hostname(config)# tunnel-group tunnel_group_name type remote-access
hostname(config)#
For example, to create an IPSec remote-access connection profile named TunnelGroup1, enter the
following command:
hostname(config)# tunnel-group TunnelGroup1 type remote-access
hostname(config)#