Cisco Systems OL-16647-01 Network Router User Manual
32-3
Cisco ASDM User Guide
OL-16647-01
Chapter 32 VPN
VPN Wizard
Enable inbound IPsec sessions to bypass interface access lists—Always permit IPsec-authenticated inbound
sessions through the security appliance, without checking the interface access-list statements.
Be aware that such inbound sessions bypass only the interface ACLs: configured group-policy,
user, and downloaded ACLs still apply.
Modes
The following table shows the modes in which this feature is available:
Remote Site Peer
Use the Remote Site Peer panel for the following tasks:
1. Providing the IP address of the remote IPsec peer that terminates this VPN tunnel.
2. Selecting and configuring an authentication method.
3. Creating a connection policy (tunnel group).
Fields
Peer IP Address—Type the IP address of the remote IPsec peer that terminates the VPN tunnel. The
peer might be another security appliance, a VPN concentrator, or any other gateway device that
supports IPsec.
Authentication Method—The remote site peer authenticates either with a preshared key or a
certificate.
Pre-shared Key—Click to use a preshared key for authentication between the local security
appliance and the remote IPsec peer.
Using a preshared key is a quick and easy way to set up communication with a limited number
of remote peers in a stable network. It may cause scalability problems in a large network,
because each IPsec peer requires configuration information for every other peer with which it
establishes secure connections.
Each pair of IPsec peers must exchange preshared keys to establish secure tunnels. Use a secure
method to exchange the preshared key with the administrator of the remote site.
Pre-shared Key—Type the preshared key. Maximum 127 characters.
Certificate—Click to use certificates for authentication between the local security appliance and
the remote IPsec peer. To complete this section, you must have previously enrolled with a CA
and downloaded one or more certificates to the security appliance.
Digital certificates are an efficient way to manage the security keys used to establish an IPsec
tunnel. A digital certificate contains information that identifies a user or device, such as a name,
serial number, company, department or IP address. A digital certificate also contains a copy of
the owner’s public key.
To use digital certificates, each peer enrolls with a certification authority (CA), which is
responsible for issuing digital certificates. A CA can be a trusted vendor or a private CA that
you establish within an organization.
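The CLI equivalent of what the Remote Site Peer panel configures, as an added example that is not from the ASDM guide or Cisco's own documentation; it assumes ASA 9.x IKEv1 syntax, and the peer address, subnets, object names and the key are constructed placeholders.

```text
! Added example, not from the guide: site-to-site tunnel to peer 203.0.113.10
! (constructed address). Names and the key are placeholders.

! Phase 1 (IKEv1) policy; "authentication pre-share" is the Pre-shared Key choice
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside

! Connection policy (tunnel group) keyed on the Peer IP Address
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key REPLACE_WITH_LONG_RANDOM_KEY_MAX_127_CHARS
! Certificate alternative: drop the pre-shared-key line and reference a
! trustpoint enrolled beforehand, e.g.  ikev1 trust-point SITE_CA_TRUSTPOINT

! Phase 2: traffic to protect (constructed subnets) and the IPsec transform set
access-list L2L_ACL extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2L_ACL
crypto map outside_map 10 set peer 203.0.113.10
crypto map outside_map 10 set ikev1 transform-set ESP-AES256-SHA
crypto map outside_map interface outside

! The "Enable inbound IPsec sessions to bypass interface access lists" checkbox:
! decrypted traffic skips the interface ACL, group-policy/user ACLs still apply.
sysopt connection permit-vpn
```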
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple Context    System
——