62-8
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 62 VPN
VPN Wizard
For IPsec to succeed, both peers in the LAN-to-LAN connection must have compatible entries for hosts
and networks. The hosts and networks you configure as Local Hosts and Networks in this pane must be
configured as Remote Hosts and Networks on the device at the remote site for the LAN-to-LAN
connection. The local adaptive security appliance and the remote device must have at least one transform
set in common for this LAN-to-LAN connection.
The security appliance supports IPv6 for IKEv1 IPsec LAN-to-LAN VPN connections, including
support for both inside and outside networks using the inner and outer IP headers.
Fields
• Network Type—Choose IPv4 or IPv6.
• Local networks—Select the local hosts and networks.
• Remote networks—Select the remote hosts and networks.
• Exempt ASA side host/network from address translation—Allows traffic to pass through the
security appliance without address translation.
Modes
The following table shows the modes in which this feature is available:
Remote Access Client
Use the Remote Access Client pane to identify the type of remote access users this connection serves.
Fields
• Cisco VPN Client Version 3.x or higher, or other Easy VPN Remote product—Click for IPsec
connections, including compatible software and hardware clients other than those named here.
• Microsoft Windows client using L2TP over IPsec—Click to enable connections from Microsoft
Windows and Microsoft Windows Mobile clients over a public IP network. L2TP uses PPP over
UDP (port 1701) to tunnel the data. Enable one or more of the following PPP authentication
protocols:
–
PAP—Passes cleartext username and password during authentication and is not secure.
–
CHAP—In response to the server challenge, the client returns the encrypted [challenge plus
password] with a cleartext username. This protocol is more secure than the PAP, but it does not
encrypt data.
–
MS-CHAP, Version 1—Similar to CHAP but more secure in that the server stores and compares
only encrypted passwords rather than cleartext passwords as in CHAP.
–
MS-CHAP, Version 2—Contains security enhancements over MS-CHAP, Version 1.
–
EAP-Proxy—Enables EAP which permits the adaptive security appliance to proxy the PPP
authentication process to an external RADIUS authentication server.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
Need help?
General
