Cisco Systems OL-16647-01 Network Router User Manual
Cisco ASDM User Guide, OL-16647-01, Chapter 32 VPN, VPN Wizard (page 32-8)
Pre-shared Key—Type the preshared key.

Certificate—Click to use certificates for authentication between the local security appliance and the remote IPsec peer. To complete this section, you must have previously enrolled with a CA and downloaded one or more certificates to the security appliance.

Digital certificates are an efficient way to manage the security keys used to establish an IPsec tunnel. A digital certificate contains information that identifies a user or device, such as a name, serial number, company, department or IP address. A digital certificate also contains a copy of the owner’s public key.

To use digital certificates, each peer enrolls with a certification authority (CA), which is responsible for issuing digital certificates. A CA can be a trusted vendor or a private CA that you establish within an organization.

When two peers want to communicate, they exchange certificates and digitally sign data to authenticate each other. When you add a new peer to the network, it enrolls with a CA, and none of the other peers require additional configuration.

Certificate Name—Select the name that identifies the certificate the security appliance sends to the remote peer.

Certificate Signing Algorithm—Displays the algorithm for signing digital certificates, rsa-sig for RSA.

Challenge/response authentication (CRACK)—Provides strong mutual authentication when the client authenticates using a popular method such as RADIUS and the server uses public key authentication. The security appliance supports CRACK as an IKE option in order to authenticate the Nokia VPN Client on Nokia 92xx Communicator Series devices.

Name—Type a name to create the record that contains tunnel connection policies for this IPsec connection. A connection policy can specify authentication, authorization, and accounting servers, a default group policy, and IKE attributes. A tunnel group that you configure with this VPN wizard specifies an authentication method, and uses the security appliance Default Group Policy.
Modes
The following table shows the modes in which this feature is available:

Firewall Mode            Security Context
Routed   Transparent     Single   Multiple Context   System

Client Authentication
Use the Client Authentication panel to select the method by which the security appliance authenticates remote users.

Fields
Select one of the following options:

Authenticate using the local user database—Click to use authentication internal to the security appliance. Use this method for environments with a small, stable number of users. The next panel lets you create accounts on the security appliance for individual users.
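The authentication choices on these two wizard panels (Pre-shared Key, Certificate, CRACK, the tunnel-group Name, and the local user database) correspond to a small set of ASA CLI commands. The fragment below is an added illustration, not text from this guide or a configuration generated by ASDM; the interface name, tunnel-group name, trustpoint and username are assumed placeholders, lines starting with ! are annotations, and the pre-shared key variant is shown beside the certificate variant so the two can be compared.

```text
! Added example: ASA CLI view of the wizard's authentication choices
! (assumed names: outside, RA_TUNNEL, ASDM_TrustPoint0, alice)

! IKE phase 1 policy. The "authentication" keyword is the choice made on this panel:
!   pre-share  = Pre-shared Key
!   rsa-sig    = Certificate (Certificate Signing Algorithm: rsa-sig)
!   crack      = Challenge/response authentication (CRACK)
crypto isakmp enable outside
crypto isakmp policy 10
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! The record created by the "Name" field: a tunnel group naming the
! authentication server (here the local user database) and the default group policy.
tunnel-group RA_TUNNEL type remote-access
tunnel-group RA_TUNNEL general-attributes
 authentication-server-group LOCAL
 default-group-policy DfltGrpPolicy
tunnel-group RA_TUNNEL ipsec-attributes
 ! Certificate: "Certificate Name" selects the trustpoint enrolled with the CA
 trust-point ASDM_TrustPoint0
 ! Pre-shared Key alternative, used when the isakmp policy says "authentication pre-share":
 ! pre-shared-key <key>

! "Authenticate using the local user database": accounts created on the next panel
username alice password <password>
```

With rsa-sig selected, the peer is authenticated by the certificate chain back to the enrolled CA, which is why adding a new peer needs only a CA enrollment and no change on the other peers.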