35-55
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Mapping Certificates to IPSec or SSL VPN Connection Profiles
Add/Edit Site-to-Site Connection
The Add or Edit IPSec Site-to-Site Connection dialog box lets you create or modify an IPSec Site-to-Site
connection. These dialog boxes let you specify the peer IP address, specify a connection name, select an
interface, specify IKE peer and user authentication parameters, specify protected networks, and specify
encryption algorithms.
Fields
• Peer IP Address—Lets you specify an IP address and whether that address is static.
• Connection Name—Specifies the name assigned to this tunnel group. For the Edit function, this field
is display-only. You can specify that the connection name is the same as the IP address specified in
the Peer IP Address field.
• Interface—Selects the interface to use for this connection.
• IKE Authentication—Specifies the pre-shared key and ID certificate to use when authenticating an
IKE peer.
–
Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The maximum
length of the pre-shared key is 128 characters.
–
Identity Certificate—Specifies the name of the identity certificate, if available, to use for
authentication.
–
Manage—Opens the Manage CA Certificates window, on which you can see the certificates that
are already configured, add new certificates, show details for a certificate, and edit or delete a
certificate.
• Protected Networks—Selects or specifies the local and remote network protected for this
connection.
–
Local Network—Specifies the IP address of the local network.
–
...—Opens the Browse Local Network dialog box, on which you can select a local network.
–
Remote Network—Specifies the IP address of the remote network.
–
...—Opens the Browse Remote Network dialog box, on which you can select a remote network.
• Encryption Algorithm—Specifies the encryption algorithms to use in the IKE and IPSec proposals.
–
IKE Proposal—Specifies one or more encryption algorithms to use for the IKE proposal.
–
Manage—Opens the Configure IKE Proposals dialog box.
–
IPSec Proposal—Specifies one or more encryption algorithms to use for the IPSec proposal.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——