Complete this task to define a group policy to be pushed during mode configuration. Although users can belong to only one group per connection, they may belong to specific groups with different policy requirements.
Use the steps shown in Figure beginning in global configuration mode to define the policy attributes that are pushed to the Cisco VPN Client through mode configuration.
Step 1 Set the Tunnel Group Type
To enable remote access, the tunnel group must be named and its type set to remote access using the tunnel-group name type ipsec-ra command.
Step 2 Configure the IKE Pre-shared Key
Use the pre-shared-key command to specify the IKE pre-shared key when defining group policy information for the mode configuration push. This command must be used if the Cisco VPN Client identifies itself to the router with a pre-shared key.
Step 3 Specify the Local IP Address Pool
Use the address-pool command to refer to an IP local pool address, which defines a range of addresses that will be used to allocate an internal IP address to a VPN client.
Use the address-pool command in the general-attributes submode to define a local pool address.
Step 4 Configure the Group Policy Type
Use the group-policy command to create and specify the type of group to be created.
Step 5 Enter the Group Policy Attributes Submode
Enter the group policy attribute sub-command mode to configure parameters specific to the group created.
Step 6 Specify the DNS Servers
Specify the primary and secondary DNS servers using the dns-server command in group-policy configuration mode. This step is optional.
Every time that the dns-server command is issued, the existing settings are overwritten. To add a DNS server rather than overwrite previously configured servers, include the IP addresses of all DNS servers when this command is entered.
Step 7 Specify the WINS Servers
Specify the primary and secondary WINS servers using the wins-server command in group-policy configuration mode. This step is optional.
As with DNS servers, every time that the wins-server command is issued, the existing settings are overwritten.
Step 8 Specify the DNS Domain
Specify the DNS domain to which a group belongs by using the default-domain command in group-policy configuration mode. This step is optional.
The PIX Security Appliance passes the default domain name to the IPSec client to append to DNS queries that omit the domain field. This domain name applies only to tunneled packets. When there are no default domain names, users inherit the default domain name in the default group policy.
Step 9 Specify the Idle Timeout
Use the vpn-idle-timeout command to set the inactivity timeout for a Cisco VPN Client. When the inactivity timeout for a given VPN client or Easy VPN Remote device expires, the tunnel is terminated. The default inactivity timeout is 30 minutes.
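The nine steps above entered as one configuration, as an added example that is not part of the original page. The group name TRAINING, the pool name MYPOOL, the addresses, the domain and the key are constructed placeholders; the ip local pool line, the ipsec-attributes submode and the value keyword follow PIX 7.x syntax and are assumptions not shown in the text above.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! Entered from global configuration mode.
!
! Pool referenced in Step 3; it must exist before address-pool can use it.
ip local pool MYPOOL 10.0.11.1-10.0.11.254
!
! Step 1: name the tunnel group and set its type to remote access.
tunnel-group TRAINING type ipsec-ra
!
! Step 2: IKE pre-shared key the VPN Client presents for this group.
! Use a long random value; it is shared by every member of the group.
tunnel-group TRAINING ipsec-attributes
 pre-shared-key REPLACE-WITH-GROUP-KEY
!
! Step 3: hand out inner addresses from the local pool.
tunnel-group TRAINING general-attributes
 address-pool MYPOOL
!
! Step 4: create the group policy, stored on the appliance (internal).
group-policy TRAINING internal
!
! Step 5: enter the attributes submode for that policy.
group-policy TRAINING attributes
 ! Step 6: list ALL DNS servers on one line; entering the command
 ! again replaces the list instead of appending to it.
 dns-server value 10.0.0.15 10.0.0.16
 ! Step 7: same overwrite behaviour as dns-server.
 wins-server value 10.0.0.15 10.0.0.16
 ! Step 8: suffix appended to unqualified DNS queries sent in the tunnel.
 default-domain value example.com
 ! Step 9: idle timeout in minutes (the default is 30).
 vpn-idle-timeout 15
```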