Configuration Wizards
Using the Site-to-Site VPN Wizard to Configure Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 68
STEP 4 After you are finished, click Next.
Configuring IKE Policies
STEP 5 Use the IKE Policies page to configure the IKE policies and to specify an IKE policy
for the IPsec VPN policy. You can choose the default or a custom IKE policy.
STEP 6 Click Add to add an IKE policy.
Other options: To edit an entry, click Edit. To delete an entry, select it and click
Delete. The default IKE policy (DefaultIke) cannot be edited or deleted.
STEP 7 Enter the following information:
• Name: Enter the name for the IKE policy.
• Encryption: Choose the encryption algorithm that protects the IKE negotiation of the
security association. The security appliance supports four algorithms: ESP_3DES,
ESP_AES_128, ESP_AES_192, and ESP_AES_256. Both peers must propose the same
algorithm; choose an AES option unless the remote peer supports only 3DES.
• HASH: Choose the hash algorithm used to authenticate IKE messages (the integrity
check over the IKE header and payloads). The security appliance supports two HASH
algorithms: SHA1 and MD5. The setting must be identical on both peers or the IKE
negotiation fails; prefer SHA1 over MD5 where the remote peer supports it.
• Authentication: Choose the method that the security appliance uses to verify the
identity of each IPsec peer.
- PRE_SHARE: Authenticate with a pre-shared key, an alphanumeric secret that must
be configured identically on both IKE peers. Pre-shared keys are easy to set up in a
small network but do not scale well as the network grows, because the key has to be
distributed to, and kept in sync on, every peer.
- RSA_SIG: Authenticate with RSA digital signatures. Each peer signs the exchange
with the private key of an RSA key pair and proves ownership of that key with the
matching digital certificate. A certificate must therefore be installed on the security
appliance before RSA_SIG can work.
• D-H Group: Choose the Diffie-Hellman group identifier. The group defines the
modulus that the two IPsec peers use to derive a shared secret without ever
transmitting that secret to each other. The group number selects the modulus size in
bits, which sets the strength of the exchange. The default is Group 5. A lower group
number needs less CPU time to compute; a higher group number provides a higher
security level.
- Group 2 (1024-bit)
- Group 5 (1536-bit)