Re: authorization for ezvpn

From: Jason W. Miller (jaymiller5@gmail.com)
Date: Sat Aug 25 2007 - 12:50:54 ART

• Next message: Scott Morris: "RE: Which approach to change spanning-tree hello-time?"
• Previous message: Herbert Maosa: "Re: San Jose Hotel Recommendations"
• Maybe in reply to: C SAMARTH: "authorization for ezvpn"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I believe they do the same thing it just depends where you want to turn it
up.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp
.html#wpmkr1157889

Authorization requiredThis parameter lets you require authorization before
a user can connect, or turn off that requirement.

On 8/25/07, C SAMARTH <samarth_04@hotmail.com> wrote:
>
> Hi Security Gurus,
>
>
> what is the difference when we enable authorization-required in the
> tunnel-group general atrributes v/s tunnel-group ipsec attributes on the
> ASA.
>
>
> ip local pool pool 192.168.11.1-192.168.11.254vpn-addr-assign local
> tunnel-group ratunnel type ipsec-ratunnel-group ratunnel
> general-attributes
> address-pool pool
> authorization-server-group LOCAL default-group-policy group1
> authorization-required <----------------------------**
> tunnel-group ratunnel ipsec-attributes pre-shared-key *
> authorization-required <---------------------------- **
> ASA-1(config)# sh run group-policygroup-policy group1 internalgroup-policy
> group1 attributes group-lock value ratunnel vpn-idle-timeout 10
>
>
> Best Wishes,
> SAMARTH
> CCIE #18535
>
>

--
~Jay~

• Next message: Scott Morris: "RE: Which approach to change spanning-tree hello-time?"
• Previous message: Herbert Maosa: "Re: San Jose Hotel Recommendations"
• Maybe in reply to: C SAMARTH: "authorization for ezvpn"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:13 ART