VPN
Configuring a Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 352
8
STEP 5 Click Save to apply your settings.
Remote Teleworker Configuration Examples
Use Case: You want to establish a site-to-site VPN tunnel between the security
appliance and a remote UC500 to provide voice and data services to phones at a
remote site.
Solution: When you use Cisco Configuration Assistant (CCA) Multisite Manager
(MSM) to configure the site-to-site VPN settings on the UC500, CCA MSM uses the
default IKE policy and transform set. In this case, the security appliance must
create an IPsec VPN policy as follows to establish the site-to-site VPN tunnel with
the UC500.
ISA500
IP Phone
IP
UC500
IP Phone
IP
site-to-site VPN
283881
Field Setting
Remote Network Choose an address group that includes multiple
subnets on the UC500.
NOTE: By default, three VLANs (192.168.10.0/24,
10.1.1.0/24, and 10.1.10.0/24) are predefined on the
UC500.
IKE Policy Encryption = ESP_3DES
Hash = SHA1
D-H Group = Group 2
NOTE: The default IKE policy used on the UC500
cannot be modified through CCA. The above IKE
settings must be configured on the security appliance.