Cisco ASA 5505 Configuration Manual page 1267

Asa 5500 series

Chapter 62
VPN
VPN Tunnel Type
Use the VPN Tunnel Type pane to select the type of VPN tunnel to define, remote access or
LAN-to-LAN, and to identify the interface that connects to the remote IPsec peer.
Fields
Modes
The following table shows the modes in which this feature is available:
OL-20339-01
Manages data transfer across the tunnel
Manages data transfer inbound and outbound as a tunnel endpoint or router
Site-to-Site—Click to create a LAN-to-LAN VPN configuration. Use between two IPsec security
gateways, which can include adaptive security appliances, VPN concentrators, or other devices that
support site-to-site IPsec connectivity. When you select this option, the VPN wizard displays a
series of panes that let you enter the attributes a site-to-site VPN requires.
The adaptive security appliance supports LAN-to-LAN VPN connections to Cisco or third-party
peers when the two peers have IPv4 inside and outside networks (IPv4 addresses on the inside and
outside interfaces).
For LAN-to-LAN connections using mixed IPv4 and IPv6 addressing, or all IPv6 addressing, the
security appliance supports VPN tunnels if both peers are Cisco ASA 5500 series security
appliances, and if both inside networks have matching addressing schemes (both IPv4 or both IPv6).
Specifically, the following topologies are supported when both peers are Cisco ASA 5500 series
adaptive security appliances:
The adaptive security appliances have IPv4 inside networks and the outside network is IPv6
(IPv4 addresses on the inside interfaces and IPv6 addresses on the outside interfaces).
The adaptive security appliances have IPv6 inside networks and the outside network is IPv4
(IPv6 addresses on the inside interface and IPv4 addresses on the outside interfaces).
The adaptive security appliances have IPv6 inside networks and the outside network is IPv6
(IPv6 addresses on the inside and outside interfaces).
Remote Access—Click to create a configuration that achieves secure remote access for VPN clients,
such as mobile users. This option lets remote users securely access centralized network resources.
When you select this option, the VPN wizard displays a series of panes that let you enter the
attributes a remote access VPN requires.
VPN Tunnel Interface—Choose the interface that establishes a secure tunnel with the remote IPsec
peer. If the adaptive security appliance has multiple interfaces, you need to plan the VPN
configuration before running this wizard, identifying the interface to use for each remote IPsec peer
with which you plan to establish a secure connection.
Enable inbound IPsec sessions to bypass interface access lists—Enable IPsec authenticated inbound
sessions to always be permitted through the security appliance (that is, without a check of the
interface access-list statements). Be aware that the inbound sessions bypass only the interface ACLs.
Configured group-policy, user, and downloaded ACLs still apply.
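The address-family rules given under Site-to-Site can be checked against a planned peer pair before running the wizard. The following is an added example, not part of the Cisco guide; the `Peer` class, the `check_l2l` function and all addresses are constructed for illustration, and treating peers whose outside addresses are in different families as unsupported is an assumption drawn from the topologies listed above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple


@dataclass
class Peer:
    name: str
    inside: str       # inside network (CIDR) or inside interface address
    outside: str      # outside interface address
    is_asa5500: bool  # True if the device is a Cisco ASA 5500 series appliance


def family(addr: str) -> int:
    """Return 4 or 6 for an address or CIDR string."""
    return ipaddress.ip_network(addr, strict=False).version


def check_l2l(a: Peer, b: Peer) -> Tuple[bool, str]:
    """Apply the LAN-to-LAN support rules from the Site-to-Site field."""
    ins = (family(a.inside), family(b.inside))
    outs = (family(a.outside), family(b.outside))
    # IPv4 inside and outside on both peers: Cisco or third-party peers allowed.
    if ins == (4, 4) and outs == (4, 4):
        return True, "all-IPv4: supported with Cisco or third-party peers"
    # Any IPv6 addressing requires ASA 5500 series appliances on both ends.
    if not (a.is_asa5500 and b.is_asa5500):
        return False, "IPv6 in use: both peers must be ASA 5500 series"
    # Inside networks must use matching addressing schemes.
    if ins[0] != ins[1]:
        return False, "inside networks must both be IPv4 or both be IPv6"
    # Assumption: the two outside interfaces share one address family.
    if outs[0] != outs[1]:
        return False, "outside addresses are not in the same family"
    return True, f"ASA-to-ASA: IPv{ins[0]} inside over IPv{outs[0]} outside"


if __name__ == "__main__":
    # Constructed sample plan using documentation address ranges.
    hq = Peer("hq-asa", "2001:db8:a::/48", "203.0.113.1", True)
    branch = Peer("branch-asa", "2001:db8:b::/48", "198.51.100.1", True)
    vendor = Peer("vendor-gw", "10.2.0.0/16", "2001:db8:ffff::2", False)
    for left, right in [(hq, branch), (hq, vendor)]:
        ok, why = check_l2l(left, right)
        print(f"{left.name} <-> {right.name}: {'OK' if ok else 'UNSUPPORTED'} ({why})")
```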
Cisco ASA 5500 Series Configuration Guide using ASDM
VPN Wizard
62-3


This manual is also suitable for:

Asa 5510, Asa 5540, Asa 5520, Asa 5550, Asa 5580