71-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter71 Configuring Easy VPN Services on the ASA 5505
Guidelines for Configuring the Easy VPN Server
hostname(config)# no vpnclient management
hostname(config)#
Guidelines for Configuring the Easy VPN Server
The following sections address the Easy VPN hardware client considerations that apply to the Easy VPN
server:
Group Policy and User Attributes Pushed to the Client
Authentication Options

Group Policy and User Attributes Pushed to the Client

Upon tunnel establishment, the Easy VPN server pushes the values of the group policy or user attributes
stored in its configuration to the Easy VPN hardware client. Therefore, to change certain attributes
pushed to the Easy VPN hardware client, you must modify them on the ASAs configured as the primary
and secondary Easy VPN servers. This section identifies the group policy and user attributes pushed to
the Easy VPN hardware client.
Note This section serves only as a reference. For complete instructions on configuring group policies and
users, see Configuring Connection Profiles, Group Policies, and Users, page67-1.
Use Table71-2 as a guide for determining which commands to enter to modify the group policy or user
attributes.
Table71-2 Group Policy and User Attributes Pushed to the Cisco ASA 5505 Configured as an
EasyVPN Hardware Client
Command Description
backup-servers Sets up backup servers on the client in case the primary server fails to
respond.
banner Sends a banner to the client after establishing a tunnel.
client-access-rule Applies access rules.
client-firewall Sets up the firewall parameters on the VPN client.
default-domain Sends a domain name to the client.
dns-server Specifies the IP address of the primary and secondary DNS servers, or
prohibits the use of DNS servers.
dhcp-network-scope Specifies the IP subnetwork to which the DHCP server assigns address to
users within this group.
group-lock Specifies a tunnel group to ensure that users connect to that group.
ipsec-udp Uses UDP encapsulation for the IPsec tunnels.
ipsec-udp-port Specifies the port number for IPsec over UDP.
nem Enables or disables network extension mode.
password-storage Lets the VPN user save a password in the user profile.