Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
6-2
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 6 VPN Wizards
IPsec IKEv1 Remote Access Wizard
packets, encapsulate them, and send them to the other end of the tunnel where they are unencapsulated
and sent to their final destination. It can also receive encapsulated packets, unencapsulate them, and send
them to their final destination.
The four VPN wizards described in this section are as follows:
IPsec IKEv1 Remote Access Wizard
IPsec Site-to-Site VPN Wizard
AnyConnect VPN Wizard
Clientless SSL VPN Wizard
IPsec IKEv1 Remote Access Wizard
Use the IKEv1 Remote Access Wizard to select remote access or LAN-to-LAN and to identify the
interface that connects to the remote IPsec peer. The tunnel type is automatically selected when the
wizard is started.
Fields
Remote Access—Click to create a configuration that achieves secure remote access for VPN clients,
such as mobile users. This option lets remote users securely access centralized network resources.
When you select this option, the VPN wizard displays a series of panes that let you enter the
attributes a remote access VPN requires.
VPN Tunnel Interface—Choose the interface that establishes a secure tunnel with the remote IPsec
peer. If the ASA has multiple interfaces, you need to plan the VPN configuration before running this
wizard, identifying the interface to use for each remote IPsec peer with which you plan to establish
a secure connection.
Enable inbound IPsec sessions to bypass interface access lists—Enable IPsec authenticated inbound
sessions to always be permitted through the security appliance (that is, without a check of the
interface access-list statements). Be aware that the inbound sessions bypass only the interface ACLs.
Configured group-policy, user, and downloaded ACLs still apply.
Remote Access Client
Remote access users of various types can open VPN tunnels to this ASA. Choose the type of VPN client
for this tunnel.
Fields
VPN Client Type
Cisco VPN Client, Release 3.x or higher, or other Easy VPN Remote product
Microsoft Windows client using L2TP over IPsec—Specify the PPP authentication protocol.
The choices are PAP, CHAP, MS-CHAP-V1, MS-CHAP-V2, and EAP-PROXY:
PAP—Passes cleartext username and password during authentication and is not secure.
CHAP—In response to the server challenge, the client returns the encrypted [challenge plus
password] with a cleartext username. This protocol is more secure than the PAP, but it does not
encrypt data.