Cisco Systems OL-24124-01 IP Phone User Manual


 
Cisco Unified Communications Manager Security Guide
OL-24124-01
Chapter 17 Configuring Virtual Private Networks
Sample ASA configuration summary
!--- Group-policy
group-policy GroupPhoneWebvpn internal
group-policy GroupPhoneWebvpn attributes
 banner none
 vpn-simultaneous-logins 10
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec svc webvpn
 default-domain value nw048b.cisco.com
 address-pools value Webvpn_POOL
 webvpn
  svc dtls enable
  svc keep-installer installed
  svc keepalive 120
  svc rekey time 4
  svc rekey method new-tunnel
  svc dpd-interval client none
  svc dpd-interval gateway 300
  svc compression deflate
  svc ask none default webvpn
!--- Configure user attributes
username test password S.eA5Qq5kwJqZ3QK encrypted
username test attributes
 vpn-group-policy GroupPhoneWebvpn
 service-type remote-access
!--- Configure username with Phone MAC address for certificate+password method
username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted
username CP-7975G-SEP001AE2BC16CB attributes
 vpn-group-policy GroupPhoneWebvpn
 service-type remote-access
!--- Configure tunnel group for username-password authentication
tunnel-group VPNphone type remote-access
tunnel-group VPNphone general-attributes
 address-pool Webvpn_POOL
 default-group-policy GroupPhoneWebvpn
tunnel-group VPNphone webvpn-attributes
 group-url https://10.89.79.135/VPNphone enable
!--- Configure tunnel group with certificate only authentication
tunnel-group CertOnlyTunnelGroup type remote-access
tunnel-group CertOnlyTunnelGroup general-attributes
 default-group-policy GroupPhoneWebvpn
tunnel-group CertOnlyTunnelGroup webvpn-attributes
 authentication certificate
 group-url https://10.89.79.135/CertOnly enable
!--- Configure tunnel group with certificate + password authentication
tunnel-group CertPassTunnelGroup type remote-access
tunnel-group CertPassTunnelGroup general-attributes
 authorization-server-group LOCAL
 default-group-policy GroupPhoneWebvpn
 username-from-certificate CN
tunnel-group CertPassTunnelGroup webvpn-attributes
 authentication aaa certificate
 pre-fill-username ssl-client
 group-url https://10.89.79.135/CertPass enable
!
class-map inspection_default
 match default-inspection-traffic
!
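
The three tunnel groups in the summary above differ only in their authentication lines, which is easy to misread when reviewing a longer running configuration. The following is an added example, not part of the Cisco guide: a small Python check that reports, for each tunnel group, its authentication methods, group URL and whether its default group policy is defined. The function name and the trimmed sample text are assumptions made for illustration, and the check treats a tunnel group with no authentication line as AAA (username and password), matching the comment on VPNphone in the summary.

```python
# Constructed sample: the tunnel-group lines from the summary above, trimmed.
SAMPLE = """\
group-policy GroupPhoneWebvpn internal
tunnel-group VPNphone general-attributes
 default-group-policy GroupPhoneWebvpn
tunnel-group VPNphone webvpn-attributes
 group-url https://10.89.79.135/VPNphone enable
tunnel-group CertOnlyTunnelGroup general-attributes
 default-group-policy GroupPhoneWebvpn
tunnel-group CertOnlyTunnelGroup webvpn-attributes
 authentication certificate
 group-url https://10.89.79.135/CertOnly enable
tunnel-group CertPassTunnelGroup general-attributes
 default-group-policy GroupPhoneWebvpn
 username-from-certificate CN
tunnel-group CertPassTunnelGroup webvpn-attributes
 authentication aaa certificate
 group-url https://10.89.79.135/CertPass enable
"""

def summarize_tunnel_groups(config):
    """Map each tunnel group to its auth methods, group URL and group policy."""
    groups, policies, current = {}, set(), None
    for raw in config.splitlines():
        words = raw.split()          # indentation is ignored: extracted configs often lose it
        if not words or words[0].startswith("!"):
            continue
        if words[0] in ("group-policy", "username"):   # top-level command ends tunnel-group mode
            current = None
            if words[0] == "group-policy" and words[-1] == "internal":
                policies.add(words[1])
        elif words[0] == "tunnel-group" and len(words) >= 3:
            # No "authentication" line means AAA (assumed ASA default).
            current = groups.setdefault(words[1], {"auth": ["aaa"], "url": None, "policy": None})
        elif current is None:
            continue
        elif words[0] == "authentication":
            current["auth"] = sorted(words[1:])
        elif words[0] == "group-url":
            current["url"] = words[1]
        elif words[0] == "default-group-policy":
            current["policy"] = words[1]
    for group in groups.values():
        group["policy_defined"] = group["policy"] in policies
    return groups

if __name__ == "__main__":
    for name, info in summarize_tunnel_groups(SAMPLE).items():
        print(name, "+".join(info["auth"]), info["url"], info["policy_defined"])
```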