Configuring lan-to-lan ipsec ikev1 attributes – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

For example, for the connection profile named docs, enter the following command:

hostname(config)# tunnel-group docs general-attributes

hostname(config-tunnel-general)#

Step 2

Specify the name of the accounting-server group, if any, to use:

hostname(config-tunnel-general)# accounting-server-group groupname

hostname(config-tunnel-general)#

For example, the following command specifies the use of the accounting-server group acctgserv1:

hostname(config-tunnel-general)# accounting-server-group acctgserv1

hostname(config-tunnel-general)#

Step 3

Specify the name of the default group policy:

hostname(config-tunnel-general)# default-group-policy policyname

hostname(config-tunnel-general)#

For example, the following command specifies that the name of the default group policy is MyPolicy:

hostname(config-tunnel-general)# default-group-policy MyPolicy

hostname(config-tunnel-general)#

Configuring LAN-to-LAN IPsec IKEv1 Attributes

To configure the IPsec IKEv1 attributes, perform the following steps:

Step 1

To configure the tunnel-group IPsec IKEv1 attributes, enter tunnel-group ipsec-attributes configuration
mode by entering the tunnel-group command with the ipsec-attributes keyword.

hostname(config)# tunnel-group tunnel-group-name ipsec-attributes

hostname(config-tunnel-ipsec)#

For example, the following command enters tunnel-group ipsec-attributes configuration mode so you can
configure the parameters for the connection profile named TG1:

hostname(config)# tunnel-group TG1 ipsec-attributes

hostname(config-tunnel-ipsec)#

The prompt changes to indicate that you are now in tunnel-group ipsec-attributes configuration mode.

Step 2

Specify the preshared key to support IKEv1 connections based on preshared keys.

hostname(config-tunnel-ipsec)# ikev1 pre-shared-key key

hostname(config-tunnel-ipsec)#

For example, the following command specifies the preshared key XYZX to support IKEv1 connections
for a LAN-to-LAN connection profile:

hostname(config-tunnel-ipsec)# ikev1 pre-shared-key xyzx

hostname(config-tunnel-ipsec)#

Step 3

Specify whether to validate the identity of the peer using the peer’s certificate:

hostname(config-tunnel-ipsec)# peer-id-validate option

hostname(config-tunnel-ipsec)#
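
The following is an added example, not part of the Cisco guide: a Python check that parses the tunnel-group ipsec-attributes command forms from the steps above out of a configuration text and flags short preshared keys and disabled peer ID validation. The 20-character minimum, the sample configuration, the function names, and the use of the ASA peer-id-validate values req and nocheck (which this page does not list) are assumptions of the example.

```python
import re

MIN_PSK_LEN = 20  # assumed policy threshold, not a value from the guide

# Constructed sample configuration using the command forms from the steps above.
SAMPLE = """\
tunnel-group TG1 type ipsec-l2l
tunnel-group TG1 ipsec-attributes
 ikev1 pre-shared-key xyzx
 peer-id-validate nocheck
tunnel-group TG2 ipsec-attributes
 ikev1 pre-shared-key 7hQ2-vLx9_Rm4Tz8Kp3Wd6Yb
tunnel-group TG3 ipsec-attributes
 peer-id-validate req
"""

def parse_ipsec_attributes(config):
    """Map each tunnel group to the settings found in its ipsec-attributes block."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"tunnel-group (\S+) ipsec-attributes\s*$", line)
        if header:
            current = groups.setdefault(
                header.group(1), {"psk": None, "peer_id_validate": None})
        elif line.startswith(" ") and current is not None:
            words = line.split()
            if words[:2] == ["ikev1", "pre-shared-key"] and len(words) >= 3:
                current["psk"] = words[-1]
            elif words[:1] == ["peer-id-validate"] and len(words) == 2:
                current["peer_id_validate"] = words[1]
        else:
            current = None  # any other top-level line closes the block
    return groups

def audit(config):
    """Return sorted (tunnel_group, finding) pairs; key values are never echoed."""
    findings = []
    for name, attrs in parse_ipsec_attributes(config).items():
        psk = attrs["psk"]
        if psk is None:
            findings.append((name, "no ikev1 pre-shared-key in this block"))
        elif set(psk) == {"*"}:
            findings.append((name, "key is masked in this output, cannot assess"))
        elif len(psk) < MIN_PSK_LEN:
            findings.append((name, f"pre-shared key shorter than {MIN_PSK_LEN} characters"))
        if attrs["peer_id_validate"] == "nocheck":
            findings.append((name, "peer-id-validate nocheck disables peer ID validation"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A block with no preshared key may be intentional when the tunnel authenticates with certificates, so treat that finding as a prompt to confirm the authentication method rather than as an error.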
