Cisco ASA 5505 Configuration Manual page 1268


VPN Wizard
Cisco ASA 5500 Series Configuration Guide using ASDM, 62-4

Remote Site Peer
Use the Remote Site Peer pane for the following tasks:
1. Providing the IP address of the remote IPsec peer that terminates this VPN tunnel.
2. Selecting and configuring an authentication method.
3. Creating a connection policy (tunnel group).

Fields
• Peer IP Address—Type the IP address of the remote IPsec peer that terminates the VPN tunnel. The peer might be another adaptive security appliance, a VPN concentrator, or any other gateway device that supports IPsec.
• Authentication Method—The remote site peer authenticates either with a preshared key or a certificate.
  - Pre-shared Key—Click to use a preshared key for authentication between the local adaptive security appliance and the remote IPsec peer.
    Using a preshared key is a quick and easy way to set up communication with a limited number of remote peers and a stable network. It may cause scalability problems in a large network because each IPsec peer requires configuration information for each peer with which it establishes secure connections.
    Each pair of IPsec peers must exchange preshared keys to establish secure tunnels. Use a secure method to exchange the preshared key with the administrator of the remote site.
    Pre-shared Key—Type the preshared key. Maximum 127 characters.
  - Certificate—Click to use certificates for authentication between the local adaptive security appliance and the remote IPsec peer. To complete this section, you must have previously enrolled with a CA and downloaded one or more certificates to the adaptive security appliance.
    Digital certificates are an efficient way to manage the security keys used to establish an IPsec tunnel. A digital certificate contains information that identifies a user or device, such as a name, serial number, company, department or IP address. A digital certificate also contains a copy of the public key.
    To use digital certificates, each peer enrolls with a certification authority (CA), which is responsible for issuing digital certificates. A CA can be a trusted vendor or a private CA that you establish within an organization.
    When two peers want to communicate, they exchange certificates and digitally sign data to authenticate each other. When you add a new peer to the network, it enrolls with a CA, and none of the other peers require additional configuration.
    Certificate Signing Algorithm—Displays the algorithm for signing digital certificates, rsa-sig for RSA.
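
The preshared-key guidance above (127-character field limit, one exchanged key per pair of peers, configuration that grows with every added peer) as an added Python example that is not part of the Cisco guide: it generates a key that fits the field, audits a constructed tunnel inventory, and compares full-mesh cost for preshared keys and certificates. The 128-bit floor, the reuse check, and all function names and sample values are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

MAX_PSK_LEN = 127    # field limit stated in the guide
MIN_PSK_BITS = 128   # assumption: local policy floor, not from the guide
ALPHABET = string.ascii_letters + string.digits

def generate_psk(length=64):
    """Return a random key that fits the Pre-shared Key field."""
    if not 1 <= length <= MAX_PSK_LEN:
        raise ValueError(f"length must be 1..{MAX_PSK_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def max_bits(psk):
    """Upper bound on key entropy from the character classes in use."""
    pool = (26 * any(c.islower() for c in psk) + 26 * any(c.isupper() for c in psk)
            + 10 * any(c.isdigit() for c in psk) + 32 * any(not c.isalnum() for c in psk))
    return len(psk) * math.log2(pool) if pool else 0.0

def audit_tunnels(tunnels):
    """tunnels: (local_ip, peer_ip, psk) per peer pair -> sorted [(peer_ip, finding)]."""
    findings, peers_by_key = [], defaultdict(list)
    for _local, peer, psk in tunnels:
        peers_by_key[psk].append(peer)
        if len(psk) > MAX_PSK_LEN:
            findings.append((peer, "too-long"))    # will not fit the field
        elif max_bits(psk) < MIN_PSK_BITS:
            findings.append((peer, "weak"))        # even the upper bound is too low
    for peers in peers_by_key.values():
        if len(peers) > 1:                         # one key shared by several pairs
            findings.extend((p, "reused") for p in peers)
    return sorted(findings)

def mesh_cost(n):
    """Full mesh of n gateways -> (distinct PSKs, PSK entries per gateway, CA enrollments)."""
    return n * (n - 1) // 2, n - 1, n

# Constructed sample inventory: RFC 5737 documentation addresses, made-up keys.
SHARED = "q7Vn2LxT9dKc4RmZ8wHs3YbF6pJg1NtE5uAa0QiW"
SAMPLE = [("192.0.2.1", "198.51.100.1", "Cisco123Cisco123"),
          ("192.0.2.1", "198.51.100.2", SHARED),
          ("192.0.2.1", "203.0.113.9", SHARED),
          ("192.0.2.1", "203.0.113.10", "A" * 128)]

if __name__ == "__main__":
    for peer, finding in audit_tunnels(SAMPLE):
        print(f"{peer}: {finding}")
    print("10-gateway mesh (PSKs, entries per gateway, enrollments):", mesh_cost(10))
```
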
Chapter 62, VPN (OL-20339-01)
