Policy group, Banner value string | Cisco Systems 6500 specs

Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

policy group

policy group

		To define a group-policy template, associate a group-policy with a particular proxy server, and enter the
		group-policy submode, use the webvpn policy group command from context subcommand mode. Use
		the no form of this command to remove any commands that you have entered in the WebVPN
		subcommand mode from the configuration.
		policy group group-policy-name
		no policy group group-policy-name

Syntax Description		group-policy-nameName of the group policy.


Defaults		See the “Usage Guidelines” section for the submode command defaults.

Command Modes		WebVPN context submode

Command History		Release	Modification

		WebVPN Module	Support for this command was introduced on the Catalyst 6500 series
		Release 1.1	switches.


Usage Guidelines		The group-policy-nameargument is case-sensitive.
		After you enter the policy group command, the prompt changes to the following:
		webvpn(config-webvpn-group)#

Table 2-3lists the commands available to configure the group-policy template.

Table 2-3 Group-policy Commands

	Command			Purpose and Guidelines	Defaults

	banner value string			Specifies the banner string for the user or group. The string value	No string is specified.
				may contain 7-bit ASCII values, HTML tags, and escape
				sequences. This string is presented to the user after login.

	exit			Exits from group-policy configuration mode.

	filter tunnel {ip-acl			Defines the tunnel-specific access list.	No name is specified.
	ip-expanded-acl			• ip-acl—IP access list (standard or extended); valid values are
	name}
	name}			from 1 to 199.
				from 1 to 199.
				• ip-expanded-acl—IP expanded access list (standard or
				extended); valid values are from 1300 to 2699.
				• name—Access-list name.

			Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

	2-38				OL-7310-01
	2-38				OL-7310-01

Image 38

Cisco Systems 6500 manual Policy group, Banner value string, Filter tunnel ip-acl

Contents

Commands for the Catalyst 6500 Series Switch WebVPN Module Clear webvpn nbns DefaultsCommand Modes Command History Release Modification Clear webvpn platform Webvpn# clear webvpn platform User name Clear webvpn sessionClears the statistics for a specific context Specifies the user name Mangle Clear webvpn statsCifs Port-forward Url url Crypto key export rsa pemTerminal 3des Key nametest-keys UsageGeneral Purpose Key Usage-keys Crypto key generateGeneral-keys Exportable Crypto key generate rsa usage-keys This example shows how to generate special-usage RSA keysThis example shows how to generate general-purpose RSA keys Crypto key import rsa pem Release Modification PEM-formatted RSA key to the WebVPN Services Module Crypto pki authenticate Crypto pki authenticate trustpoint-label Defaults Command Modes Command History Usage Guidelines Crypto pki certificate Crypto pki crl request name Wwbvpnconfig# crypto pki crl requestCrypto pki crl request Crypto pki enroll This example shows how to request a certificateWebvpnconfig# crypto pki enroll PROXY1 Crypto pki enroll trustpoint-label Crypto pki export pem Related Commands crypto pki import pem Crypto pki export pkcs12 Include the full path in the pkcs12filename value This example shows how to export a PKCS12 file using SCPWwbvpnconfig# crypto ca export TP1 pkcs12 scp sky is blue PKCS12 file Crypto pki import pem Related Commands crypto pki export pem Usage Guidelines Examples Crypto pki import pkcs12 This example shows how to import a PKCS12 file using SCP Users/admin-1/pkcs12/TP2.p12 Crypto pki profile enrollment label Webvpnconfig# crypto pki profile enrollment testCrypto pki profile enrollment Crypto pki trustpoint Command Purpose and Guidelines Defaults Period minutes count count url url Enrollment http-proxymode ra retryPeriod minutes-1 Count count-10 Match certificate mapname map override Certificate map mapname commandPassword password Skip Vrf vrf Subject-name lineUsage ike ssl-client ssl-server Debug webvpn Event app next-hop tcp-Event debugging Trace module module- FDU trace Events- Events Ca-pool- CA PoolCert- Certificate management This example shows how to turn on tunnel debugging Usage Guidelines Nbns-list Nbns-list name no nbns-list name Exit Master timeoutNbns-server ipaddr Filter tunnel ip-acl Policy groupBanner value string Hide-url-bar Functions file-accessTimeout idle Nbns-list name Webvpnconfig# webvpn context cisco Webvpnconfig-webvpn-group#svc address-pool ciscotunlpool Port-forward Default local-portSpecifies the default local port valid values are from 1 to Port-forward listname no port-forward listname Related Commands url-list Webvpn context Webvpn# show web context tunnel Show webvpn contextShow webvpn context name Algorithm Show webvpn dispatchShow webvpn dispatch algorithm member stats Member Sslvpn CLB Member Table Show webvpn gateway name Webvpn# show webvpn gateway s1 Admin Status upShow webvpn gateway Webvpn# show webvpn gateway Csd Show webvpn installFile Status Webvpn# show web install file \webvpn\stc\version.txt All Show webvpn nbnsShow webvpn nbns context name all Show web nbns context all Show webvpn-platform buffers module all Show webvpn platform buffersShow webvpn-platform buffers module module Webvpn# show webvpn platform context tunnel Show webvpn platform contextShow webvpn platform context name module module OL-7310-01 Brief Show webvpn platform crash-infoShow webvpn platform crash-info brief details Details Nvram Version This Core Didnt Crash Debug Show webvpn platform gatewayShow webvpn platform gateway name debug module module Module module Vlan ID Show webvpn platform mac address This command has no default settingsShow webvpn platform mac address Module Ssl Show webvpn platform policyShow webvpn platform policy ssl tcp name Tcp Webvpn# show webvpn platform version Show webvpn platform versionShow webvpn platform version Webvpn# show webvpn platform vlan Show webvpn platform vlanShow webvpn platform vlan vlan-id Group name Related Commands webvpn policy sslShow webvpn policy Context name Tcp User name Show webvpn sessionContext name Webvpn# show webvpn session context c1 Webvpn# show webvpn stats Show webvpn statsShow webvpn stats type Mangling statistics Relative urls 15705 Absolute urls 41850 DPD Page TCP VCs Active VCs Aborted Conns Webvpn# show web stats context tunnel DPD Snmp-server enable This example shows how to enable authentication traps This example shows how to enable Snmp informsThis example shows how to enable traps Svc Command Modes WebVPN group context submodeCommand History Release Modification Dns-server primary secondary Command Purpose and Guidelines Default Rekey time interval Rekey method new-tunnel sslNo rekey method No rekey time Heading text Url-listUrl-list listname no url-list listname Url-text text url-value url/exchage Related Commands webvpn context Default-group-policy default-policy-name Aaa authentication domain domain-listSpecifies AAA configuration parameters for context Webvpn context No login-message InserviceLogin-message string Password-prompt prompt Policy group policy-name Ssl authenticate verify all noneAuthenticate verify -Specifies the SSL Policy ssl policy-name Color Name Url-list listnameVrf-name vrf-name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Webvpnconfig-webvpn-context# url-list cisco 100 Webvpn gateway No policy ssl SecondaryNo policy tcp Context and enter the gateway submode Webvpnconfig# webvpn gateway commonWebvpnconfig-webvpn-gateway#ip address 172.21.65.71 port Webvpn policy ssl Timeout session timeout absolute No session-cache enableTimeout handshake timeout Help Wwbvpnconfig# webvpn policy ssl sslpl1 This example shows how to enable session-cacheThis example shows how to disable session-cache Wwbvpnconfig-ssl-policy#cipher RSAWITH3DESEDECBCSHA Wwbvpnconfig-ssl-policy#timeout session 30000 absolute This example shows how to print out a helpRelated Commands show webvpn stats Default Exit Timeout syn is 75 secondsTimeout reassembly is 60 seconds Tos carryover is disabled Webvpn policy tcp No timeout fin-wait timeout-in-seconds Delayed-ack-thresholdDelay-ack-timeout No timeout inactivity timeout-in-seconds No tos carryover No timeout reassembly timeForm of this command to return to the default setting Server to client connection, the server connection must be 111 112