Cisco WS-CE500 Administration Manual page 150

SA500 Series Small Business Security Appliances

Configuring VPN
Advanced Configuration of IPsec VPN
Cisco SA500 Series Security Appliances Administration Guide

STEP 4  In the Local Traffic Selection area and the Remote Traffic Selection area, enter the following information to specify the IP addresses that are on either side of the tunnel:

- Local IP or Remote IP: Choose one of the following options:
  - Any: Allows all traffic from the given end point. Note that selecting Any for both local and remote end points is not valid.
  - Single: Allows only one host to connect to the VPN. If you choose this option, also enter the IP address of the host in the Start IP Address field.
  - Range: Allows all computers within an IP address range to connect to the VPN. If you choose this option, also specify the range by entering the Start IP Address and the End IP Address.
  - Subnet: Allows all computers on a subnet to connect to the VPN. If you choose this option, also enter the network address and the subnet mask.

STEP 5  If you chose Manual Policy for the Policy Type, create an SA (Security Association) by entering the following static inputs in the Manual Policy Parameters area:

- SPI-Incoming or SPI-Outgoing: Enter a hexadecimal value of between 3 and 8 characters. For example: 0a1234.
- Encryption Algorithm: Choose the algorithm that is used to encrypt the data.
- Key-In: Enter the encryption key of the inbound policy.
- Key-Out: Enter the encryption key of the outbound policy.
  The length of the keys depends on the chosen algorithm:
  - DES: 8 characters
  - 3DES: 24 characters
  - AES-128: 16 characters
  - AES-192: 24 characters
  - AES-256: 32 characters
  - AES-CCM: 16 characters
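
As an added example (not taken from the Cisco guide or the appliance's software), the Python check below applies the Step 4 and Step 5 input rules to a planned policy before it is typed into the configuration utility, so selector mistakes and wrong-length manual keys are caught on both peers' worksheets first. The dictionary layout, field names and function names are assumptions made for this illustration, and rejecting a subnet whose network address has host bits set is this example's own choice.

```python
import ipaddress
import re

# Key lengths in characters, as listed in Step 5 of the guide.
KEY_LENGTHS = {"DES": 8, "3DES": 24, "AES-128": 16, "AES-192": 24, "AES-256": 32, "AES-CCM": 16}
SPI_RE = re.compile(r"[0-9a-fA-F]{3,8}")  # hexadecimal, 3 to 8 characters

def check_selector(side, sel):
    """Validate one traffic selector; the dict layout is an assumption."""
    errs, kind = [], sel.get("type")
    try:
        if kind == "Single":
            ipaddress.IPv4Address(sel["start"])
        elif kind == "Range":
            if ipaddress.IPv4Address(sel["start"]) > ipaddress.IPv4Address(sel["end"]):
                errs.append(f"{side}: Start IP Address is above End IP Address")
        elif kind == "Subnet":
            ipaddress.IPv4Network(f"{sel['network']}/{sel['mask']}")  # strict: host bits rejected
        elif kind != "Any":
            errs.append(f"{side}: unknown selector type {kind!r}")
    except (KeyError, ValueError) as exc:  # missing field or malformed address
        errs.append(f"{side}: {kind} selector is incomplete or invalid ({exc!r})")
    return errs

def check_policy(policy):
    """Return a list of problems; an empty list means the inputs are consistent."""
    local, remote = policy["local"], policy["remote"]
    errs = check_selector("local", local) + check_selector("remote", remote)
    if local.get("type") == remote.get("type") == "Any":
        errs.append("Any for both local and remote end points is not valid")
    manual = policy.get("manual")  # present only when Policy Type is Manual Policy
    if manual:
        for field in ("spi_in", "spi_out"):
            if not SPI_RE.fullmatch(manual.get(field, "")):
                errs.append(f"{field}: must be 3 to 8 hexadecimal characters")
        algo = manual.get("algorithm")
        if algo not in KEY_LENGTHS:
            errs.append(f"unknown encryption algorithm {algo!r}")
        else:
            for field in ("key_in", "key_out"):
                if len(manual.get(field, "")) != KEY_LENGTHS[algo]:
                    errs.append(f"{field}: {algo} needs {KEY_LENGTHS[algo]} characters")
    return errs

# Constructed sample: Any/Any selectors, a non-hex SPI and a short 3DES key.
SAMPLE = {"local": {"type": "Any"}, "remote": {"type": "Any"},
          "manual": {"spi_in": "0x1234", "spi_out": "0a1234", "algorithm": "3DES",
                     "key_in": "x" * 16, "key_out": "x" * 24}}
if __name__ == "__main__":
    print("\n".join(check_policy(SAMPLE)))
```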
