67-18
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter67 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
For example, for the connection profile named docs, enter the following command:
hostname(config)# tunnel-group_docs general-attributes
hostname(config-tunnel-general)#
Step2 Specify the name of the accounting-server group, if any, to use:
hostname(config-tunnel-general)# accounting-server-group groupname
hostname(config-tunnel-general)#
For example, the following command specifies the use of the accounting-server group acctgserv1:
hostname(config-tunnel-general)# accounting-server-group acctgserv1
hostname(config-tunnel-general)#
Step3 Specify the name of the default group policy:
hostname(config-tunnel-general)# default-group-policy policyname
hostname(config-tunnel-general)#
For example, the following command specifies that the name of the default group policy is MyPolicy:
hostname(config-tunnel-general)# default-group-policy MyPolicy
hostname(config-tunnel-general)#
Configuring LAN-to-LAN IPsec IKEv1 Attributes
To configure the IPsec IKEv1 attributes, do the following steps:
Step1 To configure the tunnel-group IPsec IKEv1 attributes, enter tunnel-group ipsec-attributes configuration
mode by entering the tunnel-group command with the IPsec-attributes keyword.
hostname(config)# tunnel-group tunnel-group-name ipsec-attributes
hostname(config-tunnel-ipsec)#
For example, the following command enters config-ipsec mode so you can configure the parameters for
the connection profile named TG1:
hostname(config)# tunnel-group TG1 ipsec-attributes
hostname(config-tunnel-ipsec)#
The prompt changes to indicate that you are now in tunnel-group ipsec-attributes configuration mode.
Step2 Specify the preshared key to support IKEv1 connections based on preshared keys.
hostname(config-tunnel-ipsec)# ikev1 pre-shared-key key
hostname(config-tunnel-ipsec)#
For example, the following command specifies the preshared key XYZX to support IKEv1 connections
for an LAN-to-LAN connection profile:
hostname(config-tunnel-ipsec)# ikev1 pre-shared-key xyzx
hostname(config-tunnel-general)#
Step3 Specify whether to validate the identity of the peer using the peer’s certificate:
hostname(config-tunnel-ipsec)# peer-id-validate option
hostname(config-tunnel-ipsec)#