Chapter 63  Configuring IKE, Load Balancing, and NAC
Creating IKE Policies
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 63-4

Enter up to 10 comma-separated TCP port values—Type up to 10 ports on which to enable IPsec over TCP. Use a comma to separate the ports. You do not need to use spaces. The default port is 10,000. The range is 1 to 65,635.
Identity to Be Sent to Peer—Lets you set the way that IPsec peers identify themselves to each other.
Identity—Choose one of the following methods by which IPsec peers identify themselves:

Address    Uses the IP addresses of the hosts.
Hostname   Uses the fully-qualified domain names of the hosts. This name comprises the hostname and the domain name.
Key ID     Uses the string the remote peer uses to look up the preshared key.
Automatic  Determines IKE negotiation by connection type: IP address for preshared key or cert DN for certificate authentication.

Key Id String—Type the alphanumeric string the peers use to look up the preshared key.
Disable inbound aggressive mode connections—Choose to disable aggressive mode connections.
Alert peers before disconnecting—Choose to have the adaptive security appliance notify qualified LAN-to-LAN peers and remote access clients before disconnecting sessions.
Wait for all active sessions to voluntarily terminate before rebooting—Choose to have the adaptive security appliance postpone a scheduled reboot until all active sessions terminate.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode          Security Context
Routed   Transparent   Single   Multiple Context   System

Creating IKE Policies
Each IKE negotiation is divided into two sections called Phase 1 and Phase 2. Phase 1 creates the first tunnel, which protects later IKE negotiation messages. Phase 2 creates the tunnel that protects data.
To set the terms of the IKE negotiations, you create one or more IKE policies, which include the following:
• A unique priority (1 through 65,543, with 1 the highest priority).
• An authentication method, to ensure the identity of the peers.
• An encryption method, to protect the data and ensure privacy.
• An HMAC method to ensure the identity of the sender, and to ensure that the message has not been modified in transit.
• A Diffie-Hellman group to establish the strength of the encryption-key-determination algorithm. The adaptive security appliance uses this algorithm to derive the encryption and hash keys.
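The CLI equivalent of the ASDM settings and the IKE policy components described on this page, as an added example that is not part of the guide; it assumes ASA 8.2-era `crypto isakmp` syntax, an interface named outside, and illustrative values:

```cisco
! Added example (not from the guide). Assumes ASA 8.2-style syntax and an
! interface named "outside"; the priority, algorithms and lifetime are illustrative.
!
! IPsec over TCP on the default port (the ASDM field accepts up to 10 ports).
crypto isakmp ipsec-over-tcp port 10000
!
! Identity sent to the peer: address | hostname | key-id <string> | auto
crypto isakmp identity auto
!
! Disable inbound aggressive mode connections.
crypto isakmp am-disable
!
! Alert qualified LAN-to-LAN peers and remote access clients before disconnecting.
crypto isakmp disconnect-notify
!
! Postpone a scheduled reboot until all active sessions terminate.
crypto isakmp reload-wait
!
! IKE (Phase 1) policy with priority 10; 1 is the highest priority.
! Each line maps to one of the policy components listed above.
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
! Enable IKE on the interface that terminates the tunnels.
crypto isakmp enable outside
```

Later ASA releases rename `crypto isakmp policy` to `crypto ikev1 policy`; the per-policy keywords are unchanged.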
