Configuring IPsec and ISAKMP, Information About Tunneling, IPsec, and ISAKMP – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 64

Configuring IPsec and ISAKMP

This chapter describes how to configure Internet Protocol Security (IPsec) and the Internet Security
Association and Key Management Protocol (ISAKMP) standards to build Virtual Private Networks
(VPNs). It includes the following sections:

Information About Tunneling, IPsec, and ISAKMP

Licensing Requirements for Remote Access IPsec VPNs

Guidelines and Limitations

Configuring ISAKMP

Configuring Certificate Group Matching for IKEv1

Configuring IPsec

Clearing Security Associations

Clearing Crypto Map Configurations

Supporting the Nokia VPN Client

Information About Tunneling, IPsec, and ISAKMP

Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure
connections between remote users and a private corporate network. Each secure connection is called a
tunnel.

The ASA uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and
IPsec accomplish the following:

Negotiate tunnel parameters

Establish tunnels

Authenticate users and data

Manage security keys

Encrypt and decrypt data

Manage data transfer across the tunnel

Manage data transfer inbound and outbound as a tunnel endpoint or router
