Cisco 5505 Administration Guide - Page 41
Page 41 highlights
Chapter 4 Installing the AnyConnect Client on a Security Appliance Using CLI
Enabling AnyConnect Client SSL VPN Connections Using CLI

    ip local pool poolname startaddr-endaddr mask mask

The following example creates the local IP address pool vpn_users:

    hostname(config)# ip local pool vpn_users 209.165.200.225-209.165.200.254 mask 255.255.255.224

Step 5  Assign IP addresses to a tunnel group. One method you can use to do this is to assign a local IP address pool with the address-pool command from general-attributes mode:

    address-pool poolname

To do this, first enter the tunnel-group name general-attributes command to enter general-attributes mode. Then specify the local IP address pool using the address-pool command.

In the following example, the user configures the existing tunnel group telecommuters to use the address pool vpn_users created in step 3:

    hostname(config)# tunnel-group telecommuters general-attributes
    hostname(config-tunnel-general)# address-pool vpn_users

Step 6  Assign a default group policy to the tunnel group with the default-group-policy command from tunnel group general attributes mode:

    default-group-policy name

In the following example, the user assigns the group policy sales to the tunnel group telecommuters:

    hostname(config-tunnel-general)# default-group-policy sales

Step 7  Create and enable a group alias that displays in the group list on the WebVPN Login page using the group-alias command from tunnel group webvpn attributes mode:

    group-alias name enable

First exit to global configuration mode, and then enter the tunnel-group name webvpn-attributes command to enter tunnel group webvpn attributes mode.

In the following example, the user enters webvpn attributes configuration mode for the tunnel group telecommuters, and creates the group alias sales_department:

    hostname(config)# tunnel-group telecommuters webvpn-attributes
    hostname(config-tunnel-webvpn)# group-alias sales_department enable

Step 8  Enable the display of the tunnel-group list on the WebVPN Login page from webvpn mode:

    tunnel-group-list enable

First exit to global configuration mode, and then enter webvpn mode.

In the following example, the user enters webvpn mode, and then enables the tunnel group list:

    hostname(config)# webvpn
    hostname(config-webvpn)# tunnel-group-list enable

Step 9  Specify SSL as a permitted VPN tunneling protocol for the group or user with the vpn-tunnel-protocol svc command in group-policy mode or username mode:

    vpn-tunnel-protocol svc

You can also specify other protocols to permit by adding the names of those protocols to this command. For more information about the vpn-tunnel-protocol command, see the command description in Cisco Security Appliance Command Reference.

OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 4-3
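A configuration check for steps 5 through 9, added here as an example (it is not from the Cisco guide): it parses a saved configuration, reports which step is missing for a tunnel group, and checks that the address pool's range fits inside its mask. The function names and the sample configuration are constructed for illustration; the "group-policy sales attributes" line, the one-space indentation of sub-mode commands, and one pool per tunnel group are assumptions.

```python
import ipaddress

# Constructed sample from this page's commands; "group-policy sales attributes" is assumed.
SAMPLE = """\
ip local pool vpn_users 209.165.200.225-209.165.200.254 mask 255.255.255.224
group-policy sales attributes
 vpn-tunnel-protocol svc
tunnel-group telecommuters general-attributes
 address-pool vpn_users
 default-group-policy sales
tunnel-group telecommuters webvpn-attributes
 group-alias sales_department enable
webvpn
 tunnel-group-list enable
"""

def parse_sections(config):  # maps each top-level line to the indented lines under it
    sections, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_tunnel_group(config, group):
    """Return findings for steps 5-9; an empty list means nothing is missing."""
    s, findings = parse_sections(config), []
    general = dict(l.split(None, 1) for l in
                   s.get(f"tunnel-group {group} general-attributes", []) if " " in l)
    pool, policy = general.get("address-pool"), general.get("default-group-policy")
    pool_def = next((k.split() for k in s if pool and k.startswith(f"ip local pool {pool} ")), None)
    if pool_def is None:
        findings.append("address-pool missing or pool not defined")
    elif "mask" in pool_def:
        # The last pool address must fall in the subnet implied by the first address and mask.
        start, _, end = pool_def[4].partition("-")
        net = ipaddress.ip_network(f"{start}/{pool_def[-1]}", strict=False)
        if ipaddress.ip_address(end or start) not in net:
            findings.append("pool range does not fit inside its mask")
    if not any(l.startswith("vpn-tunnel-protocol ") and "svc" in l.split()[1:]
               for l in s.get(f"group-policy {policy} attributes", [])):
        findings.append("default-group-policy missing or does not permit svc")
    if not any(a.startswith("group-alias ") and a.endswith(" enable")
               for a in s.get(f"tunnel-group {group} webvpn-attributes", [])):
        findings.append("no enabled group-alias")
    if "tunnel-group-list enable" not in s.get("webvpn", []):
        findings.append("tunnel-group-list not enabled")
    return findings
```

Calling audit_tunnel_group(SAMPLE, "telecommuters") returns an empty list for the configuration built from this page's examples.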