Cisco ASA 5505 Configuration Manual page 1387

Chapter 64 General VPN Setup
Site-to-Site Connection Profiles
The Connection Profiles dialog box shows the attributes of the currently configured Site-to-Site
connection profiles (tunnel groups), lets you select the delimiter to use when parsing connection profile
names, and lets you add, modify, or delete connection profiles.
The security appliance supports IPv6 for IKEv1 IPsec LAN-to-LAN VPN connections, including
support for both inside and outside networks using the inner and outer IP headers.
Fields
•
•
Add/Edit Site-to-Site Connection
The Add or Edit IPsec Site-to-Site Connection dialog box lets you create or modify an IPsec Site-to-Site
connection. These dialog boxes let you specify the peer IP address (IPv4 or IPv6), specify a connection
name, select an interface, specify IKE peer and user authentication parameters, specify protected
networks, and specify encryption algorithms.
The adaptive security appliance supports LAN-to-LAN VPN connections to Cisco or third-party peers
when the two peers have IPv4 inside and outside networks (IPv4 addresses on the inside and outside
interfaces).
For LAN-to-LAN connections using mixed IPv4 and IPv6 addressing, or all IPv6 addressing, the
security appliance supports VPN tunnels if both peers are Cisco ASA 5500 series security appliances,
and if both inside networks have matching addressing schemes (both IPv4 or both IPv6).
Specifically, the following topologies are supported when both peers are Cisco ASA 5500 series adaptive
security appliances:
•
•
OL-20339-01
Access Interfaces—Displays a table of device interfaces where you can enable remote user access
on the interface:
Interface—The device interface to enable or disable access.
–
Allow Access—Check to enable access by remote users.
–
Connection Profiles—Displays a table of connection profiles where you can add, edit, or delete
profiles:
Add—Opens the Add IPsec Site-to-Site connection profile dialog box.
–
Edit—Opens the Edit IPsec Site-to-Site connection profile dialog box.
–
Delete—Removes the selected connection profile. There is no confirmation or undo.
–
– Name—The name of the connection profile.
– Interface—The interface the connection profile is enabled on.
– Local Network—Specifies the IP address of the local network.
Remote Network—Specifies the IP address of the remote network.
–
Enabled—Enables the connection profile.
–
Group Policy—Shows the default group policy of the connection profile.
–
The adaptive security appliances have IPv4 inside networks and the outside network is IPv6 (IPv4
addresses on the inside interfaces and IPv6 addresses on the outside interfaces).
The adaptive security appliances have IPv6 inside networks and the outside network is IPv4 (IPv6
addresses on the inside interface and IPv4 addresses on the outside interfaces).
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Cisco ASA 5500 Series Configuration Guide using ASDM
64-77