EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1600 background imageLoading...
Page #1600 background image
1-8
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring L2TP over IPsec
Prerequisites for Configuring L2TP over IPsec
Prerequisites for Configuring L2TP over IPsec
Configuring L2TP over IPsec has the following prerequisites:
You can configure the default group policy (DfltGrpPolicy) or a user-defined group policy for
L2TP/IPsec connections. In either case, the group policy must be configured to use the L2TP/IPsec
tunneling protocol. If the L2TP/IPsec tunning protocol is not configured for your user-defined group
policy, configure the DfltGrpPolicy for the L2TP/IPsec tunning protocol and allow your
user-defined group policy to inherit this attribute.
You need to configure the default connection proflie (tunnel group), DefaultRAGroup, if you are
performing “pre-shared key” authentication. If you are performing certificate-based authentication,
you can use a user-defined connection profile that can be chosen based on certificate identifiers.
IP connectivity needs to be established between the peers. To test connectivity, try to ping the IP
address of the ASA from your endpoint and try to ping the IP address of your endpoint from the
ASA.
Make sure that UDP port 1701 is not blocked anywhere along the path of the connection.
If a Windows 7 endpoint device authenticates using a certificate that specifies a SHA signature type,
the signature type must match that of the ASA, either SHA1 or SHA2.
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single context mode. Multiple context mode is not supported.
Firewall Mode Guidelines
Supported only in routed firewall mode. Transparent mode is not supported.
Failover Guidelines
L2TP over IPsec sessions are not supported by stateful failover.
IPv6 Guidelines
There is no native IPv6 tunnel setup support for L2TP over IPsec.
Authentication Guidelines
The ASA only supports the PPP authentications PAP and Microsoft CHAP, Versions 1 and 2, on the local
database. EAP and CHAP are performed by proxy authentication servers. Therefore, if a remote user
belongs to a tunnel group configured with the authentication eap-proxy or authentication chap
commands, and the ASA is configured to use the local database, that user will not be able to connect.
Supported PPP Authentication Types
L2TP over IPsec connections on the ASA support only the PPP authentication types shown in Table 1-1.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals