Cisco ASA 5505 Configuration Manual page 1389

Chapter 64 General VPN Setup
Fields
Name—Specifies the name assigned to this tunnel group. For the Edit function, this field is
•
display-only.
• IKE Authentication—Specifies the pre-shared key and Identity certificate parameters to use when
authenticating an IKE peer.
–
–
–
–
IKE Keepalive ——Enables and configures IKE keepalive monitoring. You can select only one of
•
the following attributes.
–
–
–
–
–
Default Group Policy—Select the group policy and client protocols that you want to use as the
•
default for this connection. A VPN group policy is a collection of user-oriented attribute-value pairs
that can be stored internally on the device or externally on a RADIUS server. IPsec connections and
user accounts refer to the group-policy information.
–
–
–
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
OL-20339-01
Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The maximum
length of the pre-shared key is 128 characters.
Identity Certificate—Specifies the name of the ID certificate to use for authentication, if
available.
Manage—Opens the Manage Identity Certificates dialog box, on which you can see the
certificates that are already configured, add new certificates, show details for a certificate, and
edit or delete a certificate.
IKE Peer ID Validation—Specifies whether to check IKE peer ID validation. The default is
Required.
Disable Keep Alives—Enables or disables IKE keep alives.
Monitor Keep Alives—Enables or disables IKE keep alive monitoring. Selecting this option
makes available the Confidence Interval and Retry Interval fields.
Confidence Interval—Specifies the IKE keep alive confidence interval. This is the number of
seconds the adaptive security appliance should allow a peer to idle before beginning keepalive
monitoring. The minimum is 10 seconds; the maximum is 300 seconds. The default for a remote
access group is 10 seconds.
Retry Interval—Specifies number of seconds to wait between IKE keep alive retries. The default
is 2 seconds.
Head end will never initiate keepalive monitoring—Specifies that the central-site adaptive
security appliance never initiates keepalive monitoring.
Group Policy—Lists the currently configured group policies. The default value is
DfltGrpPolicy.
Manage—Opens the Configure Group Policies dialog box, on which you can view the
configured group policies and add, edit, or delete group policies from the list.
IPsec Protocol—Enables or disables the IPsec protocol for use by this group policy.
Security Context
Transparent Single
—
•
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Multiple
Context System
— —
Cisco ASA 5500 Series Configuration Guide using ASDM
64-79