Cisco ASA 5505 User Manual

Page 1532

Advertising
background image

69-8

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 69 Configuring Remote Access IPsec VPNs

Configuring Remote Access IPsec VPNs

Detailed Steps

Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface

This section describes the procedure to configure an ISAKMP policy on the outside interface and how
to enable the policy.

Detailed Steps

Perform the following steps and use the command syntax in the following examples as a guide.

Command

Purpose

Step 1

interface

{interface}

Example:

hostname(config)# interface ethernet0

hostname(config-if)#

Enters interface configuration mode from global configuration
mode.

Step 1

ip address

ip_address [mask] [standby

ip_address]

Example:

hostname(config)# interface ethernet0

hostname(config-if)#

hostname(config-if)# ip address

10.10.4.200 255.255.0.0

Sets the IP address and subnet mask for the interface.

Step 2

nameif

name

Example:

hostname(config-if)# nameif outside

hostname(config-if)#

Specifies a name for the interface (maximum of 48 characters).
You cannot change this name after you set it.

Step 3

shutdown

Example:

hostname(config-if)# no shutdown

hostname(config-if)#

Enables the interface. By default, interfaces are disabled.

Command

Purpose

Step 1

crypto ikev1 policy

priority

authentication

{crack | pre-share |

rsa-sig

}

Example:

hostname(config)# crypto ikev1 policy 1

authentication pre-share

hostname(config)#

Specifies the authentication method and the set of parameters to
use during IKEv1 negotiation.

Priority uniquely identifies the Internet Key Exchange (IKE)
policy and assigns a priority to the policy. Use an integer from 1
to 65,534, with 1 being the highest priority and 65,534 the lowest.

In this example and the steps that follow, we set the priority to 1.

Step 2

crypto ikev1

policy priority encryption

{aes | aes-192 | aes-256 | des | 3des}

Example:

hostname(config)# crypto ikev1 policy 1

encryption 3des

hostname(config)#

Specifies the encryption method to use within an IKE policy.

Advertising