Configure the PIX Security Appliance as an Easy VPN Server
Task 3 – define a group policy for mode configuration push

Complete this task to define a group policy to be pushed during mode configuration. Although users can belong to only one group per connection, they may belong to specific groups with different policy requirements.

Use the steps shown in Figure beginning in global configuration mode to define the policy attributes that are pushed to the Cisco VPN Client through mode configuration.

Step 1 Set the Tunnel Group Type
To enable remote access, the tunnel group must be named and its type set to remote access using the tunnel-group name type IPsec_RA command.

Step 2 Configure the IKE Pre-shared Key
Use the pre-shared-key command to specify the IKE pre-shared key when defining group policy information for the mode configuration push. This command must be used if the Cisco VPN Client identifies itself to the router with a pre-shared key.

Step 3 Specify the Local IP Address Pool
Use the address-pool command to refer to an IP local pool address, which defines a range of addresses that will be used to allocate an internal IP address to a VPN client.

Use the address-pool command in the general-attributes submode to define a local pool address.

Step 4 Configure the Group Policy Type
Use the group-policy command to create and specify the type of group to be created.

Step 5 Enter the Group Policy Attributes Submode
Enter the group policy attribute sub-command mode to configure parameters specific to the group created.

Step 6 Specify the DNS Servers
Specify the primary and secondary DNS servers using the dns-server command in group-policy configuration mode. This step is optional.

Every time that the dns-server command is issued, the existing settings are overwritten. To add a DNS server rather than overwrite previously configured servers, include the IP addresses of all DNS servers when this command is entered.

Step 7 Specify the WINS Servers
Specify the primary and secondary WINS servers using the wins-server command in group-policy configuration mode. This step is optional.

As with DNS servers, every time that the wins-server command is issued, the existing settings are overwritten.

Step 8 Specify the DNS Domain
Specify the DNS domain to which a group belongs by using the default-domain command in group-policy configuration mode. This step is optional.

The PIX Security Appliance passes the default domain name to the IPSec client to append to DNS queries that omit the domain field. This domain name applies only to tunneled packets. When there are no default domain names, users inherit the default domain name in the default group policy.

Step 9 Specify the Idle Timeout
Use the vpn-idle-timeout command to set the inactivity timeout for a Cisco VPN Client. When the inactivity timeout for a given VPN client or Easy VPN Remote device expires, the tunnel is terminated. The default inactivity timeout is 30 minutes.
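
Steps 1 through 9 entered as one sequence, shown here as an added example that is not part of the original course text. The group name "training", the pool name MYPOOL, all addresses, the domain and the timeout value are constructed; the ip local pool line, the ipsec-attributes submode for the key and the default-group-policy line are assumptions about the surrounding configuration that the steps above do not spell out.

```cisco
! Added example: Steps 1-9 as one configuration sequence.
! Group name, pool name, addresses, domain and timeout are constructed values.
!
! Assumption: the pool referenced in Step 3 has to exist first.
ip local pool MYPOOL 10.0.11.1-10.0.11.254
!
! Step 1: name the tunnel group and set its type to remote access
! (type keyword written as it appears in the step text).
tunnel-group training type IPsec_RA
!
! Step 2: IKE pre-shared key. Placeholder only; use a long random value
! and keep it out of shared documentation.
tunnel-group training ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
!
! Step 3: address pool, entered in the general-attributes submode.
tunnel-group training general-attributes
 address-pool MYPOOL
 ! Assumption: attach the group policy defined below to this tunnel group.
 default-group-policy training
!
! Step 4: create the group policy and give it a type.
group-policy training internal
!
! Step 5: enter the attributes submode for that policy.
group-policy training attributes
 ! Step 6: list every DNS server on one line, because reissuing the
 ! command overwrites the previous setting.
 dns-server value 10.0.0.15 10.0.0.16
 ! Step 7: same overwrite behaviour as dns-server.
 wins-server value 10.0.0.15 10.0.0.16
 ! Step 8: domain appended to tunneled DNS queries that omit one.
 default-domain value example.com
 ! Step 9: idle timeout in minutes; 15 here instead of the default 30.
 vpn-idle-timeout 15
```

After entering the sequence, the tunnel-group and group-policy sections of show running-config should list both DNS servers and both WINS servers; a single entry means a later command overwrote the earlier one.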