Cisco ASA Series User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1: Configuring Remote Access IPsec VPNs
This chapter describes how to configure Remote Access IPsec VPNs and includes the following sections:
• Information About Remote Access IPsec VPNs
• Licensing Requirements for Remote Access IPsec VPNs
• Guidelines and Limitations
• Configuring Remote Access IPsec VPNs
• Configuration Examples for Remote Access IPsec VPNs
• Feature History for Remote Access VPNs
Information About Remote Access IPsec VPNs
Remote access VPNs allow users to connect to a central site through a secure connection over a TCP/IP
network such as the Internet. The Internet Security Association and Key Management Protocol, also
called IKE, is the negotiation protocol that lets the IPsec client on the remote PC and the ASA agree on
how to build an IPsec Security Association. Each ISAKMP negotiation is divided into two sections
called Phase 1 and Phase 2.
Phase 1 creates the first tunnel to protect later ISAKMP negotiation messages. Phase 2 creates the tunnel
that protects data travelling across the secure connection.
To set the terms of the ISAKMP negotiations, you create an ISAKMP policy. It includes the following:
• An authentication method, to ensure the identity of the peers.
• An encryption method, to protect the data and ensure privacy.
• A Hashed Message Authentication Code (HMAC) method, to ensure the identity of the sender and
to ensure that the message has not been modified in transit.
• A Diffie-Hellman group to set the size of the encryption key.
• A time limit for how long the ASA uses an encryption key before replacing it.
A transform set combines an encryption method and an authentication method. During the IPsec security
association negotiation with ISAKMP, the peers agree to use a particular transform set to protect a
particular data flow. The transform set must be the same for both peers.
A transform set protects the data flows for the access list specified in the associated crypto map entry.
You can create transform sets in the ASA configuration, and then specify a maximum of 11 of them in
a crypto map or dynamic crypto map entry.
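
The five policy elements and the limit of 11 transform sets per crypto map entry described above can be checked mechanically against a saved configuration. The following Python script is an added example, not part of the Cisco guide; it assumes the `crypto ikev1` command syntax, and the sample configuration and its names (`FirstSet`, `MissingSet`, `dyn1`) are constructed for illustration.

```python
import re

# Constructed sample in the ASA "crypto ikev1" syntax (assumed); all names are made up.
SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 43200
crypto ikev1 policy 20
 authentication pre-share
crypto ipsec ikev1 transform-set FirstSet esp-aes-256 esp-sha-hmac
crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet MissingSet
"""

ELEMENTS = ("authentication", "encryption", "hash", "group", "lifetime")  # the five policy elements

def parse_policies(config):
    """Return {priority: {element: value}} for every 'crypto ikev1 policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        if (m := re.match(r"crypto ikev1 policy (\d+)\s*$", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and line.startswith(" "):
            parts = line.split()
            if len(parts) > 1 and parts[0] in ELEMENTS:
                current[parts[0]] = parts[1]
        else:
            current = None  # any other top-level line ends the policy block
    return policies

def audit(config, max_sets=11):
    """Report unset policy elements and crypto map entries that break the rules above."""
    findings = []
    for prio, policy in sorted(parse_policies(config).items()):
        missing = [e for e in ELEMENTS if e not in policy]
        if missing:
            findings.append(f"policy {prio}: not set explicitly: {', '.join(missing)}")
    defined = set(re.findall(r"^crypto ipsec ikev1 transform-set (\S+)", config, re.M))
    entry = r"^crypto (map|dynamic-map) (\S+) (\d+) set ikev1 transform-set (.+)$"
    for kind, name, seq, sets in re.findall(entry, config, re.M):
        used = sets.split()
        if len(used) > max_sets:
            findings.append(f"{kind} {name} {seq}: {len(used)} transform sets, max is {max_sets}")
        findings += [f"{kind} {name} {seq}: transform set {s} is not defined" for s in used if s not in defined]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An element reported as not set explicitly is absent from the saved text only; whether a device default applies to it has to be confirmed on the ASA itself.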
