Cisco WS-CE500 Administration Manual page 146

SA500 Series Small Business Security Appliances

Configuring VPN
Advanced Configuration of IPsec VPN
Cisco SA500 Series Security Appliances Administration Guide

STEP 4 In the Local area, enter the following information:
Identifier Type and Identifier: Choose the type of identifier for the local
device, and then enter the ID in the text box.
- Local WAN IP
- Internet Address/FQDN
- User FQDN
- DER ASN1 DN

NOTE Typically, an IP address is used for site-to-site connections since the
IP address or FQDN is well known. An IP address is required if you want to
use Main Mode. For remote client connections, the User FQDN is never
resolved but provides a means of identifying a client that can have a different
IP address depending on the network that is used to make the connection. The
DER ASN1 DN is used as an identifier when certificates are used for
authentication.

STEP 5 In the Remote area, enter the following information:
Identifier Type and Identifier: Choose the type of identifier for the local
device, and then enter the ID in the text box.

NOTE An IP address is required if you want to use Main Mode.

STEP 6 In the IKE SA Parameters area, enter the information about the Security
Association (SA) parameters, which define the strength and the mode for
negotiating the SA.

Encryption Algorithm: The algorithm used to negotiate the SA. There are
five algorithms supported by this router: DES, 3DES, AES-128, AES-192, and
AES-256.

Authentication Algorithm: Specify the authentication algorithm for the VPN
header. There are five algorithms supported by this router: MD5, SHA-1,
SHA2-256, SHA2-384 and SHA2-512.

NOTE Ensure that the authentication algorithm is configured identically on
both sides.

Authentication Method: Select Pre-shared key for a simple password-based
key. Selecting RSA-Signature disables the pre-shared key text box
and uses the Active Self Certificate uploaded in the Certificates page. In that
case, a certificate must be configured in order for RSA-Signature to work.
See Managing Certificates for Authentication, page 190.
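
The rules in Steps 4 through 6 can be checked for both peers before the settings are entered. The following Python script is an added example, not part of the Cisco guide; its dictionary keys, the "Remote WAN IP" label, the extra must-match fields, and the DES/MD5 legacy flag are assumptions made for illustration.

```python
# Added example, not Cisco code. Dict keys are hypothetical; the SA500 is set up in its web UI.
ENCRYPTION = {"DES", "3DES", "AES-128", "AES-192", "AES-256"}
AUTH_ALGS = {"MD5", "SHA-1", "SHA2-256", "SHA2-384", "SHA2-512"}
# "Local WAN IP" is on the page; "Remote WAN IP" is an assumed label for the remote side.
IP_ID_TYPES = {"Local WAN IP", "Remote WAN IP"}
# Added hardening check, not a rule from the manual: DES and MD5 are legacy choices.
LEGACY = {"DES", "MD5"}
# The page requires matching authentication algorithms; encryption and authentication
# method are included as an assumption that IKE peers must agree on them as well.
MUST_MATCH = ("auth_algorithm", "encryption", "auth_method")


def audit_policy(p):
    """Return findings for one peer's IKE policy."""
    out = []
    if p["encryption"] not in ENCRYPTION:
        out.append(f"unsupported encryption algorithm: {p['encryption']}")
    if p["auth_algorithm"] not in AUTH_ALGS:
        out.append(f"unsupported authentication algorithm: {p['auth_algorithm']}")
    if p["exchange_mode"] == "Main":  # Main Mode requires IP address identifiers
        for side in ("local_id_type", "remote_id_type"):
            if p[side] not in IP_ID_TYPES:
                out.append(f"Main Mode needs an IP address identifier: {side}={p[side]}")
    if p["auth_method"] == "RSA-Signature" and not p["has_active_self_cert"]:
        out.append("RSA-Signature selected but no Active Self Certificate is configured")
    out += [f"legacy algorithm: {a}" for a in (p["encryption"], p["auth_algorithm"]) if a in LEGACY]
    return out


def audit_pair(a, b):
    """Audit both peers, then compare the settings that must be identical."""
    out = [f"peer A: {f}" for f in audit_policy(a)] + [f"peer B: {f}" for f in audit_policy(b)]
    out += [f"mismatch: {k} is {a[k]} on A but {b[k]} on B" for k in MUST_MATCH if a[k] != b[k]]
    return out


# Constructed sample policies for a site-to-site tunnel.
SITE_A = {"exchange_mode": "Main", "local_id_type": "Local WAN IP",
          "remote_id_type": "User FQDN", "encryption": "AES-256",
          "auth_algorithm": "SHA2-256", "auth_method": "RSA-Signature",
          "has_active_self_cert": False}
SITE_B = {"exchange_mode": "Main", "local_id_type": "Local WAN IP",
          "remote_id_type": "Remote WAN IP", "encryption": "AES-256",
          "auth_algorithm": "MD5", "auth_method": "RSA-Signature",
          "has_active_self_cert": True}

if __name__ == "__main__":
    for finding in audit_pair(SITE_A, SITE_B):
        print(finding)
```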