CHAPTER 27
Configuring IPSec and ISAKMP
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 27-1
This chapter describes how to configure the IPSec and ISAKMP standards to build Virtual Private Networks. It includes the following sections:
• Tunneling Overview, page 27-1
• IPSec Overview, page 27-2
• Configuring ISAKMP, page 27-2
• Configuring Certificate Group Matching, page 27-9
• Configuring IPSec, page 27-11
• Clearing Security Associations, page 27-27
• Clearing Crypto Map Configurations, page 27-27
• Supporting the Nokia VPN Client, page 27-28
Tunneling Overview
Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure connections between remote users and a private corporate network. Each secure connection is called a tunnel.
The security appliance uses the ISAKMP and IPSec tunneling standards to build and manage tunnels. ISAKMP and IPSec accomplish the following:
• Negotiate tunnel parameters
• Establish tunnels
• Authenticate users and data
• Manage security keys
• Encrypt and decrypt data
• Manage data transfer across the tunnel
• Manage data transfer inbound and outbound as a tunnel endpoint or router
The security appliance functions as a bidirectional tunnel endpoint. It can receive plain packets from the private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination. It can also receive encapsulated packets from the public network, unencapsulate them, and send them to their final destination on the private network.