Cisco Systems ASA 5525-X Network Router User Manual


  Open as PDF
of 2086
 
6-7
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 6 VPN Wizards
IPsec Site-to-Site VPN Wizard
PFS ensures that a session key derived from a set of long-term public and private keys is not
compromised if one of the private keys is compromised in the future.
PFS must be enabled on both sides of the connection.
Diffie-Hellman Group—Select the Diffie-Hellman group identifier, which the two IPsec peers
use to derive a shared secret without transmitting it to each other. The default, Group 2 (1024-bit
Diffie-Hellman), requires less CPU time to execute but is less secure than Group 5 (1536-bit).
Summary
The Summary pane displays all of the attributes of this VPN LAN-to-LAN connection as configured.
Fields
Back—To make changes, click Back until you reach the appropriate pane.
Finish—When you are satisfied with the configuration, click Finish. ASDM saves the LAN-to-LAN
configuration. After you click Finish, you can no longer use the VPN wizard to make changes to this
configuration. Use ASDM to edit and configure advanced features.
Cancel—To remove the configuration, click Cancel.
IPsec Site-to-Site VPN Wizard
Use this wizard to set up new site-to-site VPN tunnels. A tunnel between two devices is called a
site-to-site tunnel and is bidirectional. A site-to-site VPN tunnel protects the data using the IPsec
protocol.
Peer Device Identification
Identify the peer VPN device by its IP address and the interface used to access the peer.
Fields
Peer IP Address—Configure the IP address of the peer device.
VPN Access Interface—Use the drop-down to specify the interface for the site-to-site tunnel.
IKE Version
ASA supports both version 1 and version 2 of the IKE (Internet Key Exchange) protocol. This step lets
you decide which version or versions to support in this connection profile.
Fields
IKEv1
IKEv2