Cisco ASA 5505 User Manual

Page 1406

Advertising
background image

65-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 65 Configuring L2TP over IPsec

Configuring L2TP over IPsec

Creating IKE Policies to Respond to Windows 7 Proposals

Windows 7 L2TP/IPsec clients send several IKE policy proposals to establish a VPN connection with
the ASA. Define one of the following IKE policies to facilitate connections from Windows 7 VPN native
clients.

Command

Purpose

Step 1

Detailed CLI Configuration Steps, page 65-13

Follow the

Detailed CLI Configuration

Steps

procedure through step

Step 18

. Add

the additional steps in this table to configure
the IKE policy for Windows 7 native VPN
clients.

Step 1

show run crypto ikev1

Example:

hostname(config)# show run crypto ikev1

Displays the attributes and the number of
any existing IKE policies.

Step 2

crypto ikev1 policy

number

Example:

hostname(config)# crypto ikev1 policy number

hostname(config-ikev1-policy)#

Allows you to configure an IKE policy. The
number argument specifies the number of
the IKE policy you are configuring. This
number was listed in the output of the

show

run crypto ikev1

command.

Step 3

authentication

Example:

hostname(config-ikev1-policy)# authentication pre-share

Sets the authentication method the ASA
uses to establish the identity of each IPsec
peer to use preshared keys.

Step 4

encryption

type

Example:

hostname(config-ikev1-policy)# encryption

{3des|aes|aes-256}

Choose a symmetric encryption method that
protects data transmitted between two IPsec
peers. For Windows 7 choose either 3des,
aes, for 128-bit AES, or aes-256.

Step 5

hash

Example:

hostname(config-ikev1-policy)# hash sha

Choose the hash algorithm that ensures data
integrity. For Windows 7, specify sha for the
SHA-1 algorithm.

Step 6

group

Example:

hostname(config-ikev1-policy)# group 5

Choose the Diffie-Hellman group identifier.
You can specify 5 for aes, aes-256, or 3des
encryption types. You can specify 2 only for
3des encryption types.

Step 7

lifetime

Example:

hostname(config-ikev1-policy)# lifetime 86400

Specify the SA lifetime in seconds. For
Windows 7, specify 86400 seconds to
represent 24 hours.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals