Configure IPsec Secure Channel - Cisco Firepower 4110 Preparative Procedures & Operational User Manual

Firepower 4100 series; Firepower 9000 series

Cisco Preparative Procedures & Operational User Guide
Timeout field
c) Click OK to close the Add TACACS+ Provider dialog box.
4) Click Save.

4.4.9 Configure IPsec Secure Channel

You can configure IPsec on your FXOS chassis to provide end-to-end data encryption and authentication
services for data packets traversing the public network. This option is one of several offered for
achieving Common Criteria certification compliance on your system. In the evaluation configuration, you
must send syslog traffic over IPsec as configured below. In addition, the following protocols should also
be protected using IPsec: LDAP, TACACS and RADIUS.
1) From the FXOS CLI, enter the security mode:
   scope system
   scope security
2) Enter the IPsec mode:
   scope ipsec
3) Set the log verbosity level:
   set log-level log_level
4) Create or enter an IPsec connection:
   enter connection connection_name
5) Set the IPsec mode to tunnel or transport:
   set mode tunnel_or_transport
6) Set the local IP address:
   set local-addr ip_address
7) Set the remote IP address:
   set remote-addr ip_address
8) If using tunnel mode, set the remote subnet:
   set remote-subnet ip/mask
9) (Optional) Set the remote identity:
   set remote-ike-ident remote_identity_name
10) Set the keyring name:
   set keyring-name name
11) (Optional) Set the keyring password:
   set keyring-passwd passphrase
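
As an added example (not from the Cisco manual), the following Python lint checks a planned command script built from steps 1 to 11 above before it is entered on the chassis: scope order, presence of the settings not marked optional, the tunnel-mode remote subnet from step 8, and that addresses parse. The literal mode values `tunnel` and `transport` are an assumption; the connection name, keyring name, log level and addresses in the sample are constructed placeholders.

```python
import ipaddress

# Settings the procedure does not mark "(Optional)" (steps 3, 5, 6, 7, 10).
REQUIRED = ("log-level", "mode", "local-addr", "remote-addr", "keyring-name")
PARSERS = {"local-addr": ipaddress.ip_address, "remote-addr": ipaddress.ip_address,
           "remote-subnet": lambda s: ipaddress.ip_network(s, strict=False)}

def lint_ipsec_script(script):
    """Return a list of problems found in a planned FXOS IPsec command script."""
    cmds = [ln.split() for ln in script.splitlines() if ln.strip()]
    problems = []
    # Steps 1-2: the scopes must be entered in the documented order.
    if [c[1:] for c in cmds if c[0] == "scope"] != [["system"], ["security"], ["ipsec"]]:
        problems.append("expected scopes: system, security, ipsec")
    # Step 4: connection settings belong after 'enter connection <name>'.
    conn = next((i for i, c in enumerate(cmds) if c[:2] == ["enter", "connection"]), None)
    if conn is None:
        problems.append("missing 'enter connection <name>'")
    settings = {}
    for i, c in enumerate(cmds):
        if c[0] == "set" and len(c) == 3:
            settings[c[1]] = c[2]
            if c[1] != "log-level" and conn is not None and i < conn:
                problems.append(f"'set {c[1]}' precedes 'enter connection'")
    problems += [f"missing 'set {k}'" for k in REQUIRED if k not in settings]
    mode = settings.get("mode")
    if mode not in (None, "tunnel", "transport"):  # assumed literal values
        problems.append(f"unknown mode '{mode}'")
    if mode == "tunnel" and "remote-subnet" not in settings:  # step 8
        problems.append("tunnel mode requires 'set remote-subnet'")
    for key, parse in PARSERS.items():
        if key in settings:
            try:
                parse(settings[key])
            except ValueError:
                problems.append(f"'{key}' value '{settings[key]}' does not parse")
    return problems

# Constructed sample: documentation addresses, placeholder names and log level.
SAMPLE = """scope system
scope security
scope ipsec
set log-level 1
enter connection syslog-tunnel
set mode tunnel
set local-addr 192.0.2.10
set remote-addr 198.51.100.20
set keyring-name kr-syslog
"""
```

Running `lint_ipsec_script(SAMPLE)` reports the missing remote subnet, because the sample selects tunnel mode without step 8.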
© 2016 Cisco Systems, Inc. All rights reserved.
Timeout field: The length of time in seconds the system should spend trying to contact the TACACS+ database before it times out. Enter an integer from 1 to 60 seconds, or enter 0 (zero) to use the global timeout value specified on the TACACS+ tab. The default is 5 seconds.

This manual is also suitable for: Firepower 4140, Firepower 4120, Firepower 9300