Using the tunnel-group-map default-group Command; Configuring IPSec; Understanding IPSec Tunnels - Cisco PIX 500 Series Configuration Manual

Chapter 27
Configuring IPSec and ISAKMP
The following example enables mapping of certificate-based ISAKMP sessions to a tunnel group based
on the IP address of the peer:
hostname(config)# tunnel-group-map enable peer-ip
hostname(config)#
The following example enables mapping of certificate-based ISAKMP sessions based on the
organizational unit (OU) in the subject distinguished name (DN):
hostname(config)# tunnel-group-map enable ou
hostname(config)#
The following example enables mapping of certificate-based ISAKMP sessions based on established
rules:
hostname(config)# tunnel-group-map enable rules
hostname(config)#

Using the Tunnel-group-map default-group Command

This command specifies a default tunnel group to use when the configuration does not otherwise assign
a tunnel group to a certificate-based ISAKMP session (that is, when no mapping rule matches).
The syntax is tunnel-group-map [rule-index] default-group tunnel-group-name, where rule-index
is the priority of the rule and tunnel-group-name must name a tunnel group that already exists.
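The following is an added configuration example, not taken from the Cisco guide, that puts the
preceding commands together: a certificate map that matches on the OU of the peer's subject DN, a
rule that ties it to a tunnel group, a lower-priority default group for certificate sessions that
match no rule, and the enable rules command that switches rule-based mapping on. The tunnel-group
and certificate-map names (ENG-VPN, DEFAULT-VPN, ENG-CERT-MAP) and the OU value are assumed; the
certificate map and rule-mapping commands are part of the security appliance CLI but are not shown
on this page.

```text
! Added example (not from the Cisco guide). Names and OU value are assumed.
! Tunnel groups must exist before tunnel-group-map refers to them.
tunnel-group ENG-VPN type ipsec-ra
tunnel-group DEFAULT-VPN type ipsec-ra
!
! Certificate map rule 10: match peers whose subject DN carries OU=Engineering.
crypto ca certificate map ENG-CERT-MAP 10
 subject-name attr ou eq Engineering
!
! Rule 10 of ENG-CERT-MAP sends matching peers to the ENG-VPN tunnel group.
tunnel-group-map ENG-CERT-MAP 10 ENG-VPN
!
! Priority 20 (lower than rule 10): any certificate session that matches no
! rule falls through to DEFAULT-VPN.
tunnel-group-map 20 default-group DEFAULT-VPN
!
! Switch on rule-based mapping of certificate-based ISAKMP sessions.
tunnel-group-map enable rules
```

Because every peer that presents a certificate from a trusted CA and matches no rule lands in the
default group, treat that group as the least-privileged one: give it the most restrictive group
policy and access you can, and reserve the broader policies for tunnel groups reached only through
an explicit certificate-map rule.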

Configuring IPSec

This section provides background information about IPSec and describes the procedures required to
configure the security appliance when using IPSec to implement a VPN. It contains the following topics:

Understanding IPSec Tunnels, page 27-11
Understanding Transform Sets, page 27-12
Defining Crypto Maps, page 27-12
Applying Crypto Maps to Interfaces, page 27-20
Using Interface Access Lists, page 27-20
Changing IPSec SA Lifetimes, page 27-22
Creating a Basic IPSec Configuration, page 27-22
Using Dynamic Crypto Maps, page 27-24
Providing Site-to-Site Redundancy, page 27-26
Viewing an IPSec Configuration, page 27-26

Understanding IPSec Tunnels

IPSec tunnels are sets of SAs that the security appliance establishes between peers. The SAs define the
protocols and algorithms to apply to sensitive data, and also specify the keying material the peers use.
IPSec SAs control the actual transmission of user traffic. SAs are unidirectional, but are generally
established in pairs (inbound and outbound).
The peers negotiate the settings to use for each SA. Each SA consists of the following:

Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
27-11

This manual is also suitable for: ASA 5500 series