Cisco ASA 5505 Configuration Manual page 1273

Asa 5500 series

Chapter 62
VPN
Modes
The following table shows the modes in which this feature is available:
[Table: Firewall Mode (Routed | Transparent); Security Context (Single | Multiple: Context, System)]
OL-20339-01
VPN Client Authentication Method and Name
Use the VPN Client Authentication Method and Name pane to configure an authentication method and
create a connection policy (tunnel group).
Fields
Client will send the tunnel group name as username@tunnelgroup—Check to enable the adaptive
security appliance to associate different users that are establishing L2TP over IPsec connections
with different connection policies. Since each connection policy has its own AAA server group and
IP address pools, users can authenticate through methods specific to their policy.
Authentication Method—The remote site peer authenticates either with a preshared key or a
certificate.
Pre-shared Key—Click to use a preshared key for authentication between the local adaptive
security appliance and the remote IPsec peer.
Using a preshared key is a quick and easy way to set up communication with a limited number
of remote peers and a stable network. It may cause scalability problems in a large network
because each IPsec peer requires configuration information for each peer with which it
establishes secure connections.
Each pair of IPsec peers must exchange preshared keys to establish secure tunnels. Use a secure
method to exchange the preshared key with the administrator of the remote site.
Pre-shared Key—Type the preshared key.
Certificate—Click to use certificates for authentication between the local adaptive security
appliance and the remote IPsec peer. To complete this section, you must have previously
enrolled with a CA and downloaded one or more certificates to the adaptive security appliance.
Digital certificates are an efficient way to manage the security keys used to establish an IPsec
tunnel. A digital certificate contains information that identifies a user or device, such as a name,
serial number, company, department or IP address. A digital certificate also contains a copy of
the public key.
To use digital certificates, each peer enrolls with a certification authority (CA), which is
responsible for issuing digital certificates. A CA can be a trusted vendor or a private CA that
you establish within an organization.
When two peers want to communicate, they exchange certificates and digitally sign data to
authenticate each other. When you add a new peer to the network, it enrolls with a CA, and none
of the other peers require additional configuration.
Certificate Name—Choose the name that identifies the certificate the adaptive security
appliance sends to the remote peer.
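The certificate flow described above (each peer enrolls with a CA, peers present certificates and sign data, and a new peer needs no changes on existing peers), as an added example using the openssl command line; it is not from the Cisco guide or ASDM. The names demo-ca and peerA and the signed challenge are constructed for illustration, and the challenge signature is a simplified stand-in for the data signed during IPsec negotiation.

```shell
#!/bin/sh
# Added example: private CA + certificate-based peer authentication.
# demo-ca, peerA and the challenge value are constructed for illustration.
WORK=$(mktemp -d)                    # private 0700 scratch directory
trap 'rm -rf "$WORK"' EXIT

make_ca() {       # private CA: key plus self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

enroll() {        # $1 = peer name: key + CSR, then the CA issues a certificate
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 30 \
    -out "$WORK/$1.crt" 2>/dev/null
}

prove() {         # $1 = peer, $2 = challenge: sign with the peer's private key
  printf '%s' "$2" | openssl dgst -sha256 -sign "$WORK/$1.key" \
    -out "$WORK/$1.sig"
}

authenticate() {  # $1 = peer, $2 = challenge; verifier trusts only ca.crt
  # 1. the presented certificate must chain to the CA
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1 \
    || return 1
  # 2. the signature must verify under the public key in that certificate
  openssl x509 -in "$WORK/$1.crt" -pubkey -noout > "$WORK/$1.pub"
  printf '%s' "$2" | openssl dgst -sha256 -verify "$WORK/$1.pub" \
    -signature "$WORK/$1.sig" >/dev/null 2>&1
}

make_ca
enroll peerA
CHALLENGE=$(openssl rand -hex 16)    # fresh value chosen by the verifier
prove peerA "$CHALLENGE"
authenticate peerA "$CHALLENGE" && echo "peerA authenticated"
```

The verifier side holds only `ca.crt`, so a peer enrolled later is accepted without any per-peer configuration, while a certificate not issued by the CA is rejected at the chain check.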
Cisco ASA 5500 Series Configuration Guide using ASDM
VPN Wizard
62-9

This manual is also suitable for: Asa 5510, Asa 5540, Asa 5520, Asa 5550, Asa 5580
