VPN
Configuring a Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 341
Configuration Tasks to Establish a Site-to-Site VPN Tunnel
To establish a site-to-site VPN tunnel, complete the following configuration tasks:
• Add the subnet IP address objects for your local network and remote
network. See Address Management, page 175.
• (Optional) Import the certificates for authentication between two peers.
Skip this step if you want to use the pre-shared key for authentication. See
Managing Certificates for Authentication, page 418.
• Enable the site-to-site VPN feature on the security appliance. See General
Site-to-Site VPN Settings, page 341.
• Configure IKE policies. See Configuring IKE Policies, page 349.
• Configure transform policies. See Configuring Transform Sets, page 351.
• Configure IPsec VPN policies. See Configuring IPsec VPN Policies,
page 343.
• (Optional) Check an enabled IPsec VPN policy and click the Connect icon
to initiate the VPN connection.
When a site-to-site IPsec VPN policy is in place and enabled, a connection
will be triggered by any traffic that matches the policy. In this case, the VPN
tunnel will be set up automatically. However, for an IPsec VPN policy in which
this router’s Remote Network is set to Any (a “site-to-any” tunnel), a
connection cannot be set up automatically. Instead you must manually
establish the VPN connection by clicking the Connect icon.
• View the status and statistics for all IPsec VPN sessions. See
Viewing IPsec VPN Status, page 335.
General Site-to-Site VPN Settings
STEP 1 Click VPN > Site-to-Site > IPsec Policies.
The IPsec Policies window opens. All existing IPsec VPN policies are listed in the
table. The following information is displayed:
• Name: The name of the IPsec VPN policy.
• Enable: Shows if the IPsec VPN policy is enabled or disabled.
• Status: Shows if the IPsec VPN tunnel is connected or disconnected.