64-79
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Fields
• Name—Specifies the name assigned to this tunnel group. For the Edit function, this field is
display-only.
• IKE Authentication—Specifies the pre-shared key and Identity certificate parameters to use when
authenticating an IKE peer.
–
Pre-shared Key—Specify the value of the pre-shared key for the tunnel group. The maximum
length of the pre-shared key is 128 characters.
–
Identity Certificate—Specifies the name of the ID certificate to use for authentication, if
available.
–
Manage—Opens the Manage Identity Certificates dialog box, on which you can see the
certificates that are already configured, add new certificates, show details for a certificate, and
edit or delete a certificate.
–
IKE Peer ID Validation—Specifies whether to check IKE peer ID validation. The default is
Required.
• IKE Keepalive ——Enables and configures IKE keepalive monitoring. You can select only one of
the following attributes.
–
Disable Keep Alives—Enables or disables IKE keep alives.
–
Monitor Keep Alives—Enables or disables IKE keep alive monitoring. Selecting this option
makes available the Confidence Interval and Retry Interval fields.
–
Confidence Interval—Specifies the IKE keep alive confidence interval. This is the number of
seconds the adaptive security appliance should allow a peer to idle before beginning keepalive
monitoring. The minimum is 10 seconds; the maximum is 300 seconds. The default for a remote
access group is 10 seconds.
–
Retry Interval—Specifies number of seconds to wait between IKE keep alive retries. The default
is 2 seconds.
–
Head end will never initiate keepalive monitoring—Specifies that the central-site adaptive
security appliance never initiates keepalive monitoring.
• Default Group Policy—Select the group policy and client protocols that you want to use as the
default for this connection. A VPN group policy is a collection of user-oriented attribute-value pairs
that can be stored internally on the device or externally on a RADIUS server. IPsec connections and
user accounts refer to the group-policy information.
–
Group Policy—Lists the currently configured group policies. The default value is
DfltGrpPolicy.
–
Manage—Opens the Configure Group Policies dialog box, on which you can view the
configured group policies and add, edit, or delete group policies from the list.
–
IPsec Protocol—Enables or disables the IPsec protocol for use by this group policy.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
Need help?
General
