
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Adding or Editing a Site-to-Site Tunnel Group
The Add or Edit IPsec Site-to-Site Tunnel Group dialog box lets you specify attributes for the IPsec
site-to-site connection that you are adding. In addition, you can select IKE peer and user authentication
parameters, configure IKE keepalive monitoring, and select the default group policy.
Fields
• Name—Specifies the name assigned to this tunnel group. For the Edit function, this field is
display-only.
• IKE Authentication—Specifies the pre-shared key and Identity certificate parameters to use when
authenticating an IKE peer.
– Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The maximum
length of the pre-shared key is 128 characters.
– Identity Certificate—Specifies the name of the ID certificate to use for authentication, if
available.
– Manage—Opens the Manage Identity Certificates dialog box, on which you can see the
certificates that are already configured, add new certificates, show details for a certificate, and
edit or delete a certificate.
– IKE Peer ID Validation—Specifies whether to check IKE peer ID validation. The default is
Required.
• IPsec Enabling—Specifies the group policy for this connection profile and the key exchange
protocol specified in that policy:
– Group Policy Name—Specifies the group policy associated with this connection profile.
– Manage—Opens the Browse Remote Network dialog box, in which you can select a remote
network.
– Enable IKEv1—Enables the key exchange protocol IKEv1 in the specified group policy.
– Enable IKEv2—Enables the key exchange protocol IKEv2 in the specified group policy.
• IKEv1 Settings tab—Specifies authentication and encryption settings for IKEv1:
– Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The maximum
length of the pre-shared key is 128 characters.
– Device Certificate—Specifies the name of the identity certificate, if available, to use for
authentication.
– Manage—Opens the Manage Identity Certificates dialog box, on which you can see the
certificates that are already configured, add new certificates, show details for a certificate, and
edit or delete a certificate.
– IKE Policy—Specifies one or more encryption algorithms to use for the IKE proposal.
– Manage—Opens the Configure IKEv1 Proposals dialog box.
– IPsec Proposal—Specifies one or more encryption algorithms to use for the IPsec IKEv1
proposal.
• IKEv2 Settings tab—Specifies authentication and encryption settings for IKEv2:
– Local Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The
maximum length of the pre-shared key is 128 characters.
– Local Device Certificate—Specifies the name of the identity certificate, if available, to use for
authentication.