Cisco ASDM User Guide
OL-16647-01
Chapter 32 VPN
VPN Wizard
Note: The VPN wizard lets you assign either preshared keys or digital certificates for authentication. However, to use certificates, you must enroll with a certification authority and configure a trustpoint before using the wizard. Use the ASDM Device Administration > Certificate panels and online Help to accomplish these tasks.
VPN Overview
The security appliance creates a Virtual Private Network by building a secure connection across an IP network (such as the Internet) that users see as a private connection. It can create single-user-to-LAN connections and LAN-to-LAN connections.
The secure connection is called a tunnel. The security appliance uses tunneling protocols to negotiate security parameters, create and manage tunnels, encapsulate packets, transmit or receive them through the tunnel, and unencapsulate them. The security appliance functions as a bidirectional tunnel endpoint: it can receive cleartext packets, encapsulate them, and send them to the other end of the tunnel, where they are unencapsulated and forwarded to their final destination. It can also receive encapsulated packets, unencapsulate them, and send them to their final destination.
The security appliance performs the following functions:
• Establishes tunnels
• Negotiates tunnel parameters
• Authenticates users
• Assigns user addresses
• Encrypts and decrypts data
• Manages security keys
• Manages data transfer across the tunnel
• Manages data transfer inbound and outbound as a tunnel endpoint or router
VPN Tunnel Type
Use the VPN Tunnel Type panel to select the type of VPN tunnel to define, remote access or LAN-to-LAN, and to identify the interface that connects to the remote IPsec peer.
Fields
• Site-to-Site: Click to create a LAN-to-LAN VPN configuration. Use this option between two IPsec security gateways, which can include security appliances, VPN concentrators, or other devices that support site-to-site IPsec connectivity. When you select this option, the VPN wizard displays a series of panels that let you enter the attributes a site-to-site VPN requires.
• Remote Access: Click to create a configuration that provides secure remote access for VPN clients, such as mobile users. This option lets remote users securely access centralized network resources. When you select this option, the VPN wizard displays a series of panels that let you enter the attributes a remote access VPN requires.
• VPN Tunnel Interface: Select the interface that establishes the secure tunnel with the remote IPsec peer. If the security appliance has multiple interfaces, plan the VPN configuration before running this wizard, identifying the interface to use for each remote IPsec peer with which you plan to establish a secure connection.
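The wizard panels described above (Site-to-Site, VPN Tunnel Interface) and the Note about enrolling a trustpoint before using certificate authentication correspond to a small set of ASA CLI commands. The listing below is an added example written for this page, not configuration taken from the ASDM guide or generated by the wizard itself. It assumes ASA 8.0/8.2-era syntax, an interface named outside, a remote peer at 203.0.113.2, local network 10.1.0.0/16, remote network 10.2.0.0/16, and a hypothetical SCEP enrollment URL; all of those names and addresses are assumptions.

```cisco
! Added example (not from the ASDM guide): the CLI that corresponds to the
! Site-to-Site wizard choices above, ASA 8.0/8.2-era syntax. The peer address,
! networks, CA URL, trustpoint and object names are assumed values.

! --- Prerequisite from the Note: enroll with a CA and configure a trustpoint
!     BEFORE running the wizard (ASDM: Device Administration > Certificate).
!     "crypto ca authenticate" and "crypto ca enroll" are interactive: verify
!     the CA certificate fingerprint out of band before accepting it.
crypto key generate rsa label VPN-KEY modulus 2048
crypto ca trustpoint CORP-CA
 enrollment url http://ca.example.com/certsrv/mscep/mscep.dll
 subject-name CN=asa1.example.com,O=Example
 keypair VPN-KEY
crypto ca authenticate CORP-CA
crypto ca enroll CORP-CA

! --- Phase 1 (ISAKMP) on the VPN Tunnel Interface selected in the wizard.
!     "authentication rsa-sig" is the digital-certificate choice; "pre-share"
!     is the preshared-key choice.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! --- Traffic to protect (the two LANs) and the Phase 2 (IPsec) proposal.
!     The nat 0 line exempts tunnel traffic from NAT (pre-8.3 syntax).
access-list L2L-TRAFFIC extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list L2L-TRAFFIC
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! --- The LAN-to-LAN peer (the wizard's Site-to-Site choice). The tunnel-group
!     name is the peer IP address for an ipsec-l2l tunnel. A Remote Access
!     tunnel would instead use "type remote-access" with a named tunnel-group.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 trust-point CORP-CA
! Preshared-key alternative (the wizard's other authentication choice): use a
! long random secret that is unique to this peer, never one shared by many tunnels.
!  tunnel-group 203.0.113.2 ipsec-attributes
!   pre-shared-key <long-random-secret>

! --- Bind the policy to the VPN Tunnel Interface chosen in the wizard.
crypto map OUTSIDE-MAP 10 match address L2L-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
```

After the peer is configured with matching proposals, send traffic between the two LANs and confirm the negotiation with show crypto isakmp sa (Phase 1) and show crypto ipsec sa (Phase 2 SAs and packet counters). If Phase 1 fails with certificates, check that the trustpoint holds both the CA certificate and the appliance's own identity certificate and that the peer trusts the same CA.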