EasyManuals Logo
Home>Cisco>Firewall>FirePOWER ASA 5500 series

Cisco FirePOWER ASA 5500 series User Manual

Cisco FirePOWER ASA 5500 series
989 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #652 background imageLoading...
Page #652 background image
32-6
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 32 Configuring Remote Access IPSec VPNs
Creating a Dynamic Crypto Map
Step 3 To configure the authentication method, enter the ipsec-attributes mode and then enter the
pre-shared-key command to create the preshared key. You need to use the same preshared key on both
the security appliance and the client.
Note The preshared key must be no larger than that used by the VPN client. If a Cisco VPN Client with a
different preshared key size tries to connect to a security appliance, the client logs an error message
indicating it failed to authenticate the peer.
The key is an alphanumeric string of 1-128 characters. In the following example the preshared key is
44kkaol59636jnfx.
hostname(config)# tunnel-group testgroup ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx
Step 4 Save your changes.
hostname(config)# write memory
hostname(config)#
Creating a Dynamic Crypto Map
The security appliance uses dynamic crypto maps to define a policy template where all the parameters
do not have to be configured. These dynamic crypto maps let the security appliance receive connections
from peers that have unknown IP addresses. Remote access clients fall in this category.
Dynamic crypto map entries identify the transform set for the connection. You also enable reverse
routing, which lets the security appliance learn routing information for connected clients, and advertise
it via RIP or OSPF.
Step 1 To specify a transform set for a dynamic crypto map entry, enter the crypto dynamic-map set
transform-set command.
The syntax is crypto dynamic -map dynamic-map-name seq-num set transform-set
transform-set-name. In the following example the name of the dynamic map is dyn1, the sequence
number is 1, and the transform set name is FirstSet.
hostname(config)# crypto dynamic-map dyn1 1 set transform-set FirstSet
hostname(config)#
Step 2 To enable RRI for any connection based on this crypto map entry, enter the crypto dynamic-map set
reverse route command.
hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
hostname(config)#
Step 3 Save your changes.
hostname(config)# write memory
hostname(config)#

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco FirePOWER ASA 5500 series and is the answer not in the manual?

Cisco FirePOWER ASA 5500 series Specifications

General IconGeneral
BrandCisco
ModelFirePOWER ASA 5500 series
CategoryFirewall
LanguageEnglish

Related product manuals