Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Add/Edit Internal Group Policy > Client Configuration

69-33

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter69 General VPN Setup

ACL Manager

Add/Edit Internal Group Policy > Client Configuration > General Client Parameters

This dialog box configures client attributes that are common across both Cisco and Microsoft clients,

including the banner text, default domain, split tunnel parameters, and address pools.

Note The AnyConnect VPN client and the SSL VPN client do not support split DNS.

Fields

•Inherit—(Multiple instances) Indicates that the corresponding setting takes its value from the

default group policy. Unchecking the Inherit check box makes other options available for the

parameter. This is the default option for all attributes on this tab.

•Banner—Specifies whether to inherit the banner from the default group policy or enter new banner

text. To insert a new line in a paragraph, use the /n tag. For more information, see View/Config

Banner.

The IPsec VPN client supports full HTML for the banner. However, the clientless portal and the

AnyConnect client support partial HTML. To ensure the banner displays properly to remote users,

follow these guidelines:

–

For IPsec client users, use the /n tag.

–

For AnyConnect client users, use the <BR> tag.

–

For clientless users, use the <BR> tag.

•Edit Banner—Displays the View/Config Banner dialog box, in which you can enter banner text, up

to 500 characters.

•Default Domain—Specifies whether to inherit the default domain from the default group policy or

use a new default domain specified in the field.

•Split Tunnel DNS Names (space delimited)—Specifies whether to inherit the split-tunnel DNS

names or from the default group policy or specify a new name or list of names in the field.

•Split Tunnel Policy—Specifies whether to inherit the split-tunnel policy from the default group

policy or select a policy from the menu. The menu options are to tunnel all networks, tunnel those

in the network list below, or exclude those in the network list below.

•Split Tunnel Network List—Specifies whether to inherit the split-tunnel network list from the

default group policy or choose from the drop-down list.

•Manage—Opens the ACL Manager dialog box, in which you can manage standard and extended

access control lists.

•Address Pools—Configures the address pools available through this group policy.

–

Available Pools—Specifies a list of address pools for allocating addresses to remote clients.

Unchecking the Inherit check box with no address pools in the Assigned Pools list indicates that

no address pools are configured and disables inheritance from other sources of group policy.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

•—•——

Cisco Systems Add/Edit Internal Group Policy > Client Configuration > General Client Parameters

Models: ASA 5510 ASA 5512-X ASA 5515-X ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X ASA 5580 ASA 5585-X ASA 5505