Contents
xlviii
Cisco ASA 5500 Series Configuration Guide using the CLI
VPN Load-Balancing Cluster Configurations 66-9
Some Typical Mixed Cluster Scenarios 66-10
Scenario 1: Mixed Cluster with No SSL VPN Connections 66-10
Scenario 2: Mixed Cluster Handling SSL VPN Connections 66-10
Configuring Load Balancing 66-11
Configuring the Public and Private Interfaces for Load Balancing 66-11
Configuring the Load Balancing Cluster Attributes 66-12
Enabling Redirection Using a Fully Qualified Domain Name 66-13
Frequently Asked Questions About Load Balancing 66-14
IP Address Pool Exhaustion 66-14
Unique IP Address Pools 66-14
Using Load Balancing and Failover on the Same Device 66-15
Load Balancing on Multiple Interfaces 66-15
Maximum Simultaneous Sessions for Load Balancing Clusters 66-15
Viewing Load Balancing 66-15
Configuring VPN Session Limits 66-16
CHAPTER
67 Configuring Connection Profiles, Group Policies, and Users 67-1
Overview of Connection Profiles, Group Policies, and Users 67-1
Connection Profiles 67-2
General Connection Profile Connection Parameters 67-3
IPsec Tunnel-Group Connection Parameters 67-4
Connection Profile Connection Parameters for SSL VPN Sessions 67-5
Configuring Connection Profiles 67-6
Maximum Connection Profiles 67-6
Default IPsec Remote Access Connection Profile Configuration 67-7
Configuring IPsec Tunnel-Group General Attributes 67-7
Configuring Remote-Access Connection Profiles 67-7
Specifying a Name and Type for the Remote Access Connection Profile 67-8
Configuring Remote-Access Connection Profile General Attributes 67-8
Configuring Double Authentication 67-12
Configuring Remote-Access Connection Profile IPsec IKEv1 Attributes 67-13
Configuring IPsec Remote-Access Connection Profile PPP Attributes 67-15
Configuring LAN-to-LAN Connection Profiles 67-17
Default LAN-to-LAN Connection Profile Configuration 67-17
Specifying a Name and Type for a LAN-to-LAN Connection Profile 67-17
Configuring LAN-to-LAN Connection Profile General Attributes 67-17
Configuring LAN-to-LAN IPsec IKEv1 Attributes 67-18
Configuring Connection Profiles for Clientless SSL VPN Sessions 67-20