Filter
Top Products
69-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 69 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Detailed Steps
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
This section describes the procedure to configure an ISAKMP policy on the outside interface and how
to enable the policy.
Detailed Steps
Perform the following steps and use the command syntax in the following examples as a guide.
Command Purpose
Step 1
interface {interface}
Example:
hostname(config)# interface ethernet0
hostname(config-if)#
Enters interface configuration mode from global configuration
mode.
Step 1
ip address ip_address [mask] [standby
ip_address]
Example:
hostname(config)# interface ethernet0
hostname(config-if)#
hostname(config-if)# ip address
10.10.4.200 255.255.0.0
Sets the IP address and subnet mask for the interface.
Step 2
nameif name
Example:
hostname(config-if)# nameif outside
hostname(config-if)#
Specifies a name for the interface (maximum of 48 characters).
You cannot change this name after you set it.
Step 3
shutdown
Example:
hostname(config-if)# no shutdown
hostname(config-if)#
Enables the interface. By default, interfaces are disabled.
Command Purpose
Step 1
crypto ikev1 policy priority
authentication {crack | pre-share |
rsa-sig}
Example:
hostname(config)# crypto ikev1 policy 1
authentication pre-share
hostname(config)#
Specifies the authentication method and the set of parameters to
use during IKEv1 negotiation.
Priority uniquely identifies the Internet Key Exchange (IKE)
policy and assigns a priority to the policy. Use an integer from 1
to 65,534, with 1 being the highest priority and 65,534 the lowest.
In this example and the steps that follow, we set the priority to 1.
Step 2
crypto ikev1 policy priority encryption
{aes | aes-192 | aes-256 | des | 3des}
Example:
hostname(config)# crypto ikev1 policy 1
encryption 3des
hostname(config)#
Specifies the encryption method to use within an IKE policy.