beautypg.com

Guidelines for configuring the easy vpn server – Cisco ASA 5505 User Manual

Page 1568

background image

71-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 71 Configuring Easy VPN Services on the ASA 5505

Guidelines for Configuring the Easy VPN Server

hostname(config)# no vpnclient management

hostname(config)#

Guidelines for Configuring the Easy VPN Server

The following sections address the Easy VPN hardware client considerations that apply to the Easy VPN
server:

Group Policy and User Attributes Pushed to the Client

Authentication Options

Group Policy and User Attributes Pushed to the Client

Upon tunnel establishment, the Easy VPN server pushes the values of the group policy or user attributes
stored in its configuration to the Easy VPN hardware client. Therefore, to change certain attributes
pushed to the Easy VPN hardware client, you must modify them on the ASAs configured as the primary
and secondary Easy VPN servers. This section identifies the group policy and user attributes pushed to
the Easy VPN hardware client.

Note

This section serves only as a reference. For complete instructions on configuring group policies and
users, see

Configuring Connection Profiles, Group Policies, and Users, page 67-1

.

Use

Table 71-2

as a guide for determining which commands to enter to modify the group policy or user

attributes.

Table 71-2

Group Policy and User Attributes Pushed to the Cisco ASA 5505 Configured as an
EasyVPN Hardware Client

Command

Description

backup-servers

Sets up backup servers on the client in case the primary server fails to
respond.

banner

Sends a banner to the client after establishing a tunnel.

client-access-rule

Applies access rules.

client-firewall

Sets up the firewall parameters on the VPN client.

default-domain

Sends a domain name to the client.

dns-server

Specifies the IP address of the primary and secondary DNS servers, or
prohibits the use of DNS servers.

dhcp-network-scope

Specifies the IP subnetwork to which the DHCP server assigns address to
users within this group.

group-lock

Specifies a tunnel group to ensure that users connect to that group.

ipsec-udp

Uses UDP encapsulation for the IPsec tunnels.

ipsec-udp-port

Specifies the port number for IPsec over UDP.

nem

Enables or disables network extension mode.

password-storage

Lets the VPN user save a password in the user profile.

This manual is related to the following products:
See also other documents in the category Cisco Hardware: