Table of Contents
Advertisement
13
Policy Management
You apply SAs to filter rules that are configured with an Apply IPSec action, for LAN-to-LAN traffic. See
Configuration | Policy Management | Traffic Management | Rules
creates and applies appropriate rules when you create a LAN-to-LAN connection; see Configuration |
System | Tunneling Protocols | IPSec LAN-to-LAN
traffic, under the IPSec Parameters section on the appropriate Configuration | User Management screens.
You can use IPSec in both client-to-LAN (remote-access) configurations and LAN-to-LAN
configurations. The Cisco VPN 3000 Client complies with the IPSec protocol and is specifically
designed to work with the VPN Concentrator. However, the VPN Concentrator can establish IPSec
connections with many protocol-compliant clients. Likewise, the VPN Concentrator can establish
LAN-to-LAN connections with other protocol-compliant VPN devices (often called "secure gateways").
The instructions in this section, however, assume peer VPN Concentrators.
The Cisco VPN 3000 Client supports these IPSec attributes:
• Aggressive Negotiation Mode
• Authentication Algorithms:
– ESP-MD5-HMAC-128
– ESP-SHA1-HMAC-160
• Authentication Modes:
– Preshared Keys
– X.509 Digital Certificates
• Diffie-Hellman Group 1
• Encryption Algorithms:
– DES-56
– 3DES-168
• Extended Authentication (XAuth)
• Mode Configuration (also known as ISAKMP Configuration Method)
• Tunnel Encapsulation Mode
Figure 13-10: Configuration | Policy Management | Traffic Management | Security Associations
screen
13-20
. The VPN Concentrator automatically
. You also apply SAs to groups and users, for remote-access
VPN 3000 Concentrator Series User Guide
Hide quick links:
Advertisement
Table of Contents
