Guidelines and limitations, Configuring isakmp – Cisco ASA 5505 User Manual
Page 1360
64-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 64 Configuring IPsec and ISAKMP
Guidelines and Limitations
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single context mode only. Does not support multiple context mode.
Firewall Mode Guidelines
Supported in routed firewall mode only. Does not support transparent firewall mode.
Failover Guidelines
IPsec VPN sessions are replicated in Active/Standby failover configurations only. Active/Active failover
configurations are not supported.
IPv6 Guidelines
Does not support IPv6.
Configuring ISAKMP
This section describes the Internet Security Association and Key Management Protocol (ISAKMP) and
the Internet Key Exchange (IKE) protocol.
This section includes the following topics:
•
Configuring IKEv1 and IKEv2 Policies, page 64-9
•
Enabling IKE on the Outside Interface, page 64-13
•
Disabling IKEv1 Aggressive Mode, page 64-13
•
Determining an ID Method for IKEv1 and IKEv2 ISAKMP Peers, page 64-13
•
Enabling IPsec over NAT-T, page 64-14
•
Enabling IPsec with IKEv1 over TCP, page 64-15
•
Waiting for Active Sessions to Terminate Before Rebooting, page 64-16
•