65-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter65 Configuring L2TP over IPsec
Configuring L2TP over IPsec
Step7 default-group-policy name
Example:
hostname(config)# tunnel-group DefaultRAGroup
general-attributes
hostname(config-tunnel-general)# default-group-policy
DfltGrpPolicy
Links the name of a group policy to the
connection profile (tunnel group).
Step8 ip local pool pool_name starting_address-ending_address
mask subnet_mask
Example:
hostname(config)# ip local pool sales_addresses
10.4.5.10-10.4.5.20 mask 255.255.255.0
(Optional) Creates an IP address pool.
Step9 address-pool pool_name
Example:
hostname(config)# tunnel-group DefaultRAGroup
general-attributes
hostname(config-tunnel-general)# address-pool
sales_addresses
(Optional) Associates the pool of IP
addresses with the connection profile
(tunnel group).
Step10 authentication-server-group server_group
Example:
hostname(config)# tunnel-group DefaultRAGroup
general-attributes
hostname(config-tunnel-general)# authentication-server-group
sales_server LOCAL
Specifies a method to authenticate users
attempting L2TP over IPsec connections,
for the connection profile (tunnel group). If
you are not using the ASA to perform local
authentication, and you want to fallback to
local authentication, add LOCAL to the end
of the command.
Step11 authentication auth_type
Example:
hostname(config)# tunnel-group name ppp-attributes
hostname(config-ppp)# authentication ms-chap-v1
Specifies the PPP authentication protocol
for the tunnel group. See Table65-1 for the
types of PPP authencation and their
characteristics.
Step12 tunnel-group tunnel group name ipsec-attributes
Example:
hostname(config)# tunnel-group DefaultRAGroup
ipsec-attributes
hostname(config-tunnel-ipsec)# pre-shared-key cisco123
Sets the pre-shared key for your connection
profile (tunnel group).
Step13 accounting-server-group aaa_server_group
Example:
hostname(config)# tunnel-group sales_tunnel
general-attributes
hostname(config-tunnel-general)# accounting-server-group
sales_aaa_server
(Optional) Generates a AAA accounting
start and stop record for an L2TP session for
the connection profile (tunnel group).
Command Purpose