Chapter 17 Configuring Virtual Private Networks
Sample ASA configuration summary
!--- Group-policy
group-policy GroupPhoneWebvpn internal
group-policy GroupPhoneWebvpn attributes
 banner none
 vpn-simultaneous-logins 10
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec svc webvpn
 default-domain value nw048b.cisco.com
 address-pools value Webvpn_POOL
 webvpn
  svc dtls enable
  svc keep-installer installed
  svc keepalive 120
  svc rekey time 4
  svc rekey method new-tunnel
  svc dpd-interval client none
  svc dpd-interval gateway 300
  svc compression deflate
  svc ask none default webvpn
!--- Configure user attributes
username test password S.eA5Qq5kwJqZ3QK encrypted
username test attributes
 vpn-group-policy GroupPhoneWebvpn
 service-type remote-access
!--- Configure username with Phone MAC address for certificate+password method
username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted
username CP-7975G-SEP001AE2BC16CB attributes
 vpn-group-policy GroupPhoneWebvpn
 service-type remote-access
!--- Configure tunnel group for username-password authentication
tunnel-group VPNphone type remote-access
tunnel-group VPNphone general-attributes
 address-pool Webvpn_POOL
 default-group-policy GroupPhoneWebvpn
tunnel-group VPNphone webvpn-attributes
 group-url https://10.89.79.135/VPNphone enable
!--- Configure tunnel group with certificate only authentication
tunnel-group CertOnlyTunnelGroup type remote-access
tunnel-group CertOnlyTunnelGroup general-attributes
 default-group-policy GroupPhoneWebvpn
tunnel-group CertOnlyTunnelGroup webvpn-attributes
 authentication certificate
 group-url https://10.89.79.135/CertOnly enable
!--- Configure tunnel group with certificate + password authentication
tunnel-group CertPassTunnelGroup type remote-access
tunnel-group CertPassTunnelGroup general-attributes
 authorization-server-group LOCAL
 default-group-policy GroupPhoneWebvpn
 username-from-certificate CN
tunnel-group CertPassTunnelGroup webvpn-attributes
 authentication aaa certificate
 pre-fill-username ssl-client
 group-url https://10.89.79.135/CertPass enable
!
class-map inspection_default
 match default-inspection-traffic
!
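The three tunnel groups above differ only in the `authentication` line under their `webvpn-attributes`, which decides whether a phone can connect with a password alone, with its certificate alone, or with both. The following Python script is an added example (not from the Cisco guide) that parses the indentation-based block structure of an ASA running-config and reports the authentication method each remote-access tunnel group ends up with, so that a reviewer can spot groups that still accept a username and password without a certificate. It assumes ASA's convention that sub-commands are indented by one space under their parent command, and it treats a tunnel group whose `webvpn-attributes` block carries no `authentication` line (the `VPNphone` group above) as username/password authentication; the sample config embedded in the script is a constructed, trimmed copy of the tunnel groups shown on this page, and the function names are the example's own.

```python
"""Audit the SSL VPN authentication method of each ASA remote-access tunnel-group.

Added example, not part of the Cisco guide. Parses the block structure of an
ASA running-config (top-level command, then one-space indented sub-commands).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a trimmed copy of the tunnel groups shown on this page.
SAMPLE_CONFIG = """\
tunnel-group VPNphone type remote-access
tunnel-group VPNphone general-attributes
 address-pool Webvpn_POOL
 default-group-policy GroupPhoneWebvpn
tunnel-group VPNphone webvpn-attributes
 group-url https://10.89.79.135/VPNphone enable
tunnel-group CertOnlyTunnelGroup type remote-access
tunnel-group CertOnlyTunnelGroup general-attributes
 default-group-policy GroupPhoneWebvpn
tunnel-group CertOnlyTunnelGroup webvpn-attributes
 authentication certificate
 group-url https://10.89.79.135/CertOnly enable
tunnel-group CertPassTunnelGroup type remote-access
tunnel-group CertPassTunnelGroup general-attributes
 authorization-server-group LOCAL
 default-group-policy GroupPhoneWebvpn
 username-from-certificate CN
tunnel-group CertPassTunnelGroup webvpn-attributes
 authentication aaa certificate
 pre-fill-username ssl-client
 group-url https://10.89.79.135/CertPass enable
"""

TG_RE = re.compile(
    r"^tunnel-group (\S+) (type|general-attributes|webvpn-attributes)(?: (.*))?$"
)


def parse_blocks(config: str) -> List[Tuple[str, List[str]]]:
    """Return (top-level command, [sub-commands]) pairs.

    ASA sub-commands are indented by one space under their parent; comment
    lines starting with '!' and blank lines are skipped.
    """
    blocks: List[Tuple[str, List[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if blocks:  # indented line belongs to the most recent parent
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def tunnel_group_auth(config: str) -> Dict[str, str]:
    """Map each remote-access tunnel-group name to its SSL VPN auth method:
    'password', 'certificate', or 'certificate+password'."""
    blocks = parse_blocks(config)
    result: Dict[str, str] = {}
    # Pass 1: collect remote-access tunnel groups. Assumption: with no
    # 'authentication' line they authenticate by username/password.
    for head, _ in blocks:
        m = TG_RE.match(head)
        if m and m.group(2) == "type" and m.group(3) == "remote-access":
            result[m.group(1)] = "password"
    # Pass 2: read the 'authentication' line of each webvpn-attributes block.
    for head, subs in blocks:
        m = TG_RE.match(head)
        if not m or m.group(2) != "webvpn-attributes" or m.group(1) not in result:
            continue
        for sub in subs:
            words = sub.split()
            if words and words[0] == "authentication":
                methods = set(words[1:])
                if "certificate" in methods and "aaa" in methods:
                    result[m.group(1)] = "certificate+password"
                elif "certificate" in methods:
                    result[m.group(1)] = "certificate"
                else:
                    result[m.group(1)] = "password"
    return result


def password_only_groups(config: str) -> List[str]:
    """Names of tunnel groups that accept a username/password with no certificate."""
    return sorted(n for n, a in tunnel_group_auth(config).items() if a == "password")


if __name__ == "__main__":
    for name, method in tunnel_group_auth(SAMPLE_CONFIG).items():
        print(f"{name:24} {method}")
    print("password-only:", password_only_groups(SAMPLE_CONFIG))
```

Run against a saved `show running-config` instead of the embedded sample to review a real device; the report on the sample lists `VPNphone` as the only password-only group, matching the three methods the configuration above sets up.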
Cisco Unified Communications Manager Security Guide
OL-24124-01, page 17-14