Cisco ASA 5505 Configuration Manual page 1269

Asa 5500 series

Chapter 62 VPN
VPN Wizard
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 62-5

- Certificate Name—Choose the name that identifies the certificate the adaptive security
  appliance sends to the remote peer. This list displays trustpoints with a certificate of the type
  previously selected in the certificate signing algorithm list.
- Challenge/response authentication (CRACK)—Provides strong mutual authentication when the
  client authenticates using a popular method such as RADIUS and the server uses public key
  authentication. The security appliance supports CRACK as an IKE option in order to
  authenticate the Nokia VPN Client on Nokia 92xx Communicator Series devices.
- Tunnel Group Name—Type a name to create the record that contains tunnel connection policies for
  this IPsec connection. A connection policy can specify authentication, authorization, and accounting
  servers, a default group policy, and IKE attributes. A policy that you configure with this VPN wizard
  specifies an authentication method, and uses the adaptive security appliance Default Group Policy.
  By default, ASDM populates this field with the value of the Peer IP address. You can change this
  name. Maximum 64 characters.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode            Security Context
Routed   Transparent     Single   Multiple (Context, System)

IKE Policy
IKE, also called Internet Security Association and Key Management Protocol (ISAKMP), is the
negotiation protocol that lets two hosts agree on how to build an IPsec Security Association. Each IKE
negotiation is divided into two sections called Phase 1 and Phase 2.

- Phase 1 creates the first tunnel, which protects later IKE negotiation messages.
- Phase 2 creates the tunnel that protects data.

Use the IKE Policy pane to set the terms of the Phase 1 IKE negotiations, which include the following:

- An encryption method to protect the data and ensure privacy.
- An authentication method to ensure the identity of the peers.
- A Diffie-Hellman group to establish the strength of the encryption-key-determination
  algorithm. The adaptive security appliance uses this algorithm to derive the encryption and hash
  keys.

Fields
- Encryption—Select the symmetric encryption algorithm the adaptive security appliance uses to
  establish the Phase 1 SA that protects Phase 2 negotiations. The adaptive security appliance supports
  the following encryption algorithms:

Algorithm   Explanation
DES         Data Encryption Standard. Uses a 56-bit key.
3DES        Triple DES. Performs encryption three times using a 56-bit key.
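
The following Python script is an added example, not part of the Cisco guide. It audits Phase 1 policies and flags any that select DES, whose 56-bit key is given in the DES entry on this page. It assumes the policies have been exported in the CLI `crypto isakmp policy` form; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample, in the style of the CLI running configuration (assumed
# to be the text form of the Phase 1 policies that the IKE Policy pane edits).
SAMPLE_CONFIG = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
crypto isakmp policy 20
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
crypto isakmp policy 30
 authentication crack
 hash sha
"""

POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)\s*$")
WEAK_ENCRYPTION = {"des": "56-bit key"}  # key size as stated on this page

def parse_phase1_policies(text):
    """Return {priority: {keyword: value}} for each Phase 1 policy block."""
    policies, current = {}, None
    for line in text.splitlines():
        match = POLICY_RE.match(line)
        if match:
            current = policies.setdefault(int(match.group(1)), {})
        elif current is not None and line.startswith(" ") and line.strip():
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # an unindented or blank line ends the block
    return policies

def audit(text):
    """Return (priority, finding) pairs for policies that need review."""
    findings = []
    for priority, policy in sorted(parse_phase1_policies(text).items()):
        encryption = policy.get("encryption")
        if encryption is None:
            findings.append((priority, "encryption not stated in this block"))
        elif encryption in WEAK_ENCRYPTION:
            findings.append((priority, f"encryption {encryption}: {WEAK_ENCRYPTION[encryption]}"))
    return findings

if __name__ == "__main__":
    for priority, finding in audit(SAMPLE_CONFIG):
        print(f"policy {priority}: {finding}")
```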


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
