Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
– Manage—Opens the Manage Identity Certificates dialog box, on which you can see the certificates that are already configured, add new certificates, show details for a certificate, and edit or delete a certificate.
– Remote Peer Pre-shared Key—Specify the value of the remote peer pre-shared key for the tunnel group. The maximum length of the pre-shared key is 128 characters.
– Remote Peer Certificate Authentication—Check Allowed to allow certificate authentication for IKEv2 connections for this connection profile.
– Manage—Opens the Manage CA Certificates dialog where you can view certificates and add new ones.
– IKE Policy—Specifies one or more encryption algorithms to use for the IKE proposal.
– Manage—Opens the Configure IKEv1 Proposals dialog box.
– IPsec Proposal—Specifies one or more encryption algorithms to use for the IPsec IKEv1 proposal.
– Select—Opens the Select IPsec Proposals (Transform Sets) dialog box, where you can assign a proposal to the connection profile for IKEv2 connections.
• IKE Keepalive—Enables and configures IKE keepalive monitoring. You can select only one of the following attributes.
– Disable Keep Alives—Enables or disables IKE keepalives.
– Monitor Keep Alives—Enables or disables IKE keepalive monitoring. Selecting this option makes available the Confidence Interval and Retry Interval fields.
– Confidence Interval—Specifies the IKE keepalive confidence interval. This is the number of seconds the ASA should allow a peer to idle before beginning keepalive monitoring. The minimum is 10 seconds; the maximum is 300 seconds. The default for a remote access group is 10 seconds.
– Retry Interval—Specifies the number of seconds to wait between IKE keepalive retries. The default is 2 seconds.
– Head end will never initiate keepalive monitoring—Specifies that the central-site ASA never initiates keepalive monitoring.
Modes
The following table shows the modes in which this feature is available:

Firewall Mode             Security Context
Routed    Transparent     Single    Multiple Context    Multiple System
•         —               •         —                   —

Crypto Map Entry
In this dialog box, specify crypto parameters for the Connection Profile.