Filter
Top Products
69-84
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
• The ASAs have IPv6 inside networks and the outside network is IPv6 (IPv6 addresses on the inside
and outside interfaces).
Fields
• Peer IP Address—Lets you specify an IP address (IPv4 or IPv6) and whether that address is static.
• Connection Name—Specifies the name assigned to this connection profile. For the Edit function,
this field is display-only. You can specify that the connection name is the same as the IP address
specified in the Peer IP Address field.
• Interface—Selects the interface to use for this connection.
• Protected Networks—Selects or specifies the local and remote network protected for this
connection.
–
IP Address Type—Specifies the address is an IPv4 or IPv6 address.
–
Local Network—Specifies the IP address of the local network.
–
...—Opens the Browse Local Network dialog box, in which you can select a local network.
–
Remote Network—Specifies the IP address of the remote network.
• IPsec Enabling—Specifies the group policy for this connection profile and the key exchange
protocol specified in that policy:
–
Group Policy Name—Specifies the group policy associated with this connection profile.
–
Manage—Opens the Browse Remote Network dialog box, in which you can select a remote
network.
–
Enable IKEv1—Enables the key exchange protocol IKEv1 in the specified group policy.
–
Enable IKEv2—Enables the key exchange protocol IKEv2 in the specified group policy.
• IKEv1 Settings tab—Specifies authentication and encryption settings for IKEv1:
–
Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The maximum
length of the pre-shared key is 128 characters.
–
Device Certificate—Specifies the name of the identity certificate, if available, to use for
authentication.
–
Manage—Opens the Manage Identity Certificates dialog box, on which you can see the
certificates that are already configured, add new certificates, show details for a certificate, and
edit or delete a certificate.
–
IKE Policy—Specifies one or more encryption algorithms to use for the IKE proposal.
–
Manage—Opens the Configure IKEv1 Proposals dialog box.
–
IPsec Proposal—Specifies one or more encryption algorithms to use for the IPsec IKEv1
proposal.
• IKEv2 Settings tab—Specifies authentication and encryption settings for IKEv2:
–
Local Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The
maximum length of the pre-shared key is 128 characters.
–
Local Device Certificate—Specifies the name of the identity certificate, if available, to use for
authentication.
–
Manage—Opens the Manage Identity Certificates dialog box, on which you can see the
certificates that are already configured, add new certificates, show details for a certificate, and
edit or delete a certificate.