Configuring an address pool – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 69 Configuring Remote Access IPsec VPNs

Configuring Remote Access IPsec VPNs

Configuring an Address Pool

The ASA requires a method for assigning IP addresses to users. This section uses address pools as an
example. Use the command syntax in the following examples as a guide.

Step 3
Command: crypto ikev1 policy priority hash {md5 | sha}
Example:
    hostname(config)# crypto ikev1 policy 1 hash sha
    hostname(config)#
Purpose: Specifies the hash algorithm for an IKE policy (also called the HMAC variant).

Step 4
Command: crypto ikev1 policy priority group {1 | 2 | 5}
Example:
    hostname(config)# crypto ikev1 policy 1 group 2
    hostname(config)#
Purpose: Specifies the Diffie-Hellman group for the IKE policy—the crypto protocol that allows the IPsec client and the ASA to establish a shared secret key.

Step 5
Command: crypto ikev1 policy priority lifetime {seconds}
Example:
    hostname(config)# crypto ikev1 policy 1 lifetime 43200
    hostname(config)#
Purpose: Specifies the encryption key lifetime—the number of seconds each security association should exist before expiring. The range for a finite lifetime is 120 to 2147483647 seconds. Use 0 seconds for an infinite lifetime.

Step 6
Command: crypto ikev1 enable interface-name
Example:
    hostname(config)# crypto ikev1 enable outside
    hostname(config)#
Purpose: Enables ISAKMP on the interface named outside.

Step 7
Command: write memory
Example:
    hostname(config-if)# write memory
    Building configuration...
    Cryptochecksum: 0f80bf71 1623a231 63f27ccf 8700ca6d
    11679 bytes copied in 3.390 secs (3893 bytes/sec)
    [OK]
    hostname(config-if)#
Purpose: Saves the changes to the configuration.
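An added example (not from the Cisco guide): a Python check that reads one-line crypto ikev1 policy commands in the form shown in the examples for Steps 3 to 5 and validates each value against the documented options. The sample configuration is constructed, and the review policy (flagging md5, group 1 and an infinite lifetime) is this example's assumption, not a statement from the guide.

```python
import re

# Values documented in Steps 3 to 5 of the guide.
HASHES, GROUPS = {"md5", "sha"}, {1, 2, 5}
LIFETIME_MIN, LIFETIME_MAX = 120, 2147483647
# Review policy: an assumption of this example, not taken from the guide.
WEAK_HASHES, WEAK_GROUPS = {"md5"}, {1}
LINE = re.compile(r"^[ \t]*crypto ikev1 policy (\d+) (hash|group|lifetime) (\S+)[ \t]*$", re.M)

# Constructed sample configuration (not from a real device).
SAMPLE = """\
crypto ikev1 policy 1 hash sha
crypto ikev1 policy 1 group 2
crypto ikev1 policy 1 lifetime 43200
crypto ikev1 policy 10 hash md5
crypto ikev1 policy 10 group 1
crypto ikev1 policy 10 lifetime 0
crypto ikev1 policy 20 lifetime 60
"""

def audit_ikev1(config_text):
    """Return (policies, findings) for one-line crypto ikev1 policy commands."""
    policies, findings = {}, []
    for m in LINE.finditer(config_text):
        prio, key, val = int(m.group(1)), m.group(2), m.group(3)
        if key != "hash":
            if not val.isdecimal():
                findings.append((prio, f"{key} {val}: not a number"))
                continue
            val = int(val)
        if key == "hash":
            ok, weak = val in HASHES, val in WEAK_HASHES
        elif key == "group":
            ok, weak = val in GROUPS, val in WEAK_GROUPS
        else:  # lifetime: 0 means the security association never expires
            ok = val == 0 or LIFETIME_MIN <= val <= LIFETIME_MAX
            weak = val == 0
        if not ok:
            findings.append((prio, f"{key} {val}: outside documented values"))
            continue
        policies.setdefault(prio, {})[key] = val
        if weak:
            findings.append((prio, f"{key} {val}: flagged by review policy"))
    return policies, findings

if __name__ == "__main__":
    for prio, msg in audit_ikev1(SAMPLE)[1]:
        print(f"policy {prio}: {msg}")
```

Adjust WEAK_HASHES and WEAK_GROUPS to match the local cryptographic standard before using the findings in a review.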
