62-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 62 VPN
VPN Wizard
– Certificate Name—Choose the name that identifies the certificate the adaptive security
appliance sends to the remote peer. This list displays trustpoints with a certificate of the type
previously selected in the certificate signing algorithm list.
– Challenge/response authentication (CRACK)—Provides strong mutual authentication when the
client authenticates using a popular method such as RADIUS and the server uses public key
authentication. The security appliance supports CRACK as an IKE option in order to
authenticate the Nokia VPN Client on Nokia 92xx Communicator Series devices.
• Tunnel Group Name—Type a name to create the record that contains tunnel connection policies for
this IPsec connection. A connection policy can specify authentication, authorization, and accounting
servers, a default group policy, and IKE attributes. A policy that you configure with this VPN wizard
specifies an authentication method, and uses the adaptive security appliance Default Group Policy.
By default, ASDM populates this field with the value of the Peer IP address. You can change this
name. Maximum 64 characters.
Modes
The following table shows the modes in which this feature is available:
IKE Policy
IKE, also called Internet Security Association and Key Management Protocol (ISAKMP), is the
negotiation protocol that lets two hosts agree on how to build an IPsec Security Association. Each IKE
negotiation is divided into two sections called Phase 1 and Phase 2.
• Phase 1 creates the first tunnel, which protects later IKE negotiation messages.
• Phase 2 creates the tunnel that protects data.
Use the IKE Policy pane to set the terms of the Phase 1 IKE negotiations, which include the following:
• An encryption method to protect the data and ensure privacy.
• An authentication method to ensure the identity of the peers.
• A Diffie-Hellman group to establish the strength of the encryption-key-determination
algorithm. The adaptive security appliance uses this algorithm to derive the encryption and hash
keys.
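The Phase 1 terms listed above, checked in an exported configuration (an added example, not part of the Cisco guide). It assumes the policy is stored as ASA 8.x `crypto isakmp policy` CLI stanzas; the sample configuration is constructed, and the baseline of flagged values is this example's own assumption.

```python
import re

# Assumed audit baseline (not from the guide): Phase 1 values to flag.
WEAK = {"encryption": {"des": "56-bit key", "3des": "64-bit block cipher"},
        "group": {"1": "768-bit MODP", "2": "1024-bit MODP"}}

# Constructed sample in ASA 8.x CLI form; not taken from a real device.
SAMPLE_CONFIG = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 1
crypto isakmp policy 20
 authentication rsa-sig
 encryption 3des
 hash sha
 group 5
crypto isakmp policy 30
 authentication crack
 encryption aes-256
 hash sha
 group 5
"""

def parse_phase1_policies(config):
    """Return {priority: {keyword: value}} per 'crypto isakmp policy' stanza."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" ") and len(line.split()) >= 2:
            keyword, value = line.split()[:2]
            current[keyword] = value
        elif not line.startswith(" "):
            current = None  # an unindented line closes the stanza
    return policies

def audit(policies):
    """Return (priority, keyword, value, reason) for each flagged term."""
    return [(prio, key, terms[key], WEAK[key][terms[key]])
            for prio, terms in sorted(policies.items())
            for key in WEAK if terms.get(key) in WEAK[key]]

if __name__ == "__main__":
    for finding in audit(parse_phase1_policies(SAMPLE_CONFIG)):
        print("policy %d: %s %s (%s)" % finding)
```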
Fields
• Encryption—Select the symmetric encryption algorithm the adaptive security appliance uses to
establish the Phase 1 SA that protects Phase 2 negotiations. The adaptive security appliance supports
the following encryption algorithms:
Firewall Mode            Security Context
Routed    Transparent    Single    Multiple
                                   Context    System
•         —              •         —          —

Algorithm    Explanation
DES          Data Encryption Standard. Uses a 56-bit key.
3DES         Triple DES. Performs encryption three times using a 56-bit key.