Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
1-11
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Defining a Tunnel Group
This section describes how to configure a tunnel group, which is a set of records that contain tunnel
connection policies. You configure a tunnel group to identify AAA servers, specify connection
parameters, and define a default group policy. The ASA stores tunnel groups internally.
To configure an IKEv1 transform set:

Command:
    crypto ipsec ikev1 transform-set transform-set-name encryption-method [authentication]

Example:
    hostname(config)# crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
    hostname(config)#

Purpose:
Configures an IKEv1 transform set that specifies the IPsec IKEv1
encryption and hash algorithms to be used to ensure data integrity.
Use one of the following values for encryption:
• esp-aes to use AES with a 128-bit key.
• esp-aes-192 to use AES with a 192-bit key.
• esp-aes-256 to use AES with a 256-bit key.
• esp-des to use 56-bit DES-CBC.
• esp-3des to use the triple DES algorithm.
• esp-null to not use encryption.
Use one of the following values for authentication:
• esp-md5-hmac to use MD5/HMAC-128 as the hash algorithm.
• esp-sha-hmac to use SHA/HMAC-160 as the hash algorithm.
• esp-none to not use HMAC authentication.

To configure an IKEv2 proposal:

Command:
    crypto ipsec ikev2 ipsec-proposal proposal_name
Then:
    protocol {esp} {encryption {des | 3des | aes | aes-192 | aes-256 | null} | integrity {md5 | sha-1}}

Example:
    hostname(config)# crypto ipsec ikev2 ipsec-proposal secure_proposal
    hostname(config-ipsec-proposal)# protocol esp encryption des integrity md5

Purpose:
Configures an IKEv2 proposal set that specifies the IPsec IKEv2
protocol, encryption, and integrity algorithms to be used.
esp specifies the Encapsulating Security Payload (ESP) IPsec protocol
(currently the only supported protocol for IPsec).
Use one of the following values for encryption:
• des to use 56-bit DES-CBC encryption for ESP.
• 3des (default) to use the triple DES encryption algorithm for ESP.
• aes to use AES with a 128-bit key encryption for ESP.
• aes-192 to use AES with a 192-bit key encryption for ESP.
• aes-256 to use AES with a 256-bit key encryption for ESP.
• null to not use encryption for ESP.
Use one of the following values for integrity:
• md5 specifies the MD5 algorithm for ESP integrity protection.
• sha-1 (default) specifies the Secure Hash Algorithm (SHA) SHA-1,
defined in the U.S. Federal Information Processing Standard (FIPS),
for ESP integrity protection.
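
An added example, not part of the Cisco guide: a Python check that reads saved configuration text and reports IKEv1 transform sets and IKEv2 proposals that select the weaker options listed above. The policy sets and the sample configuration are assumptions made for this example; the IKEv2 defaults applied to an unset field are the ones the table states.

```python
# Assumed review policy (not from the manual): these options count as findings.
WEAK_ENC = {"des", "3des", "null"}
WEAK_INT = {"md5", "none", "unspecified"}
# Defaults the manual states for an IKEv2 IPsec proposal.
DEFAULTS = {"encryption": "3des", "integrity": "sha-1"}

def audit(config):
    """Return sorted findings for the transform sets and proposals in config text."""
    findings, proposals, current = [], {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] == ["crypto", "ipsec", "ikev2", "ipsec-proposal"] and len(tok) == 5:
            current = proposals.setdefault(tok[4], {"encryption": set(), "integrity": set()})
        elif tok[:2] == ["protocol", "esp"] and current is not None:
            kind = None
            for t in tok[2:]:  # accepts combined or separate protocol lines
                if t in current:
                    kind = t
                elif kind:
                    current[kind].add(t)
        else:
            current = None  # any other line ends the proposal sub-mode
            if (tok[:4] == ["crypto", "ipsec", "ikev1", "transform-set"]
                    and len(tok) >= 6 and tok[5].startswith("esp-")):
                enc = tok[5][4:]
                # No authentication keyword: reported as "unspecified" (assumption).
                auth = tok[6][4:].replace("-hmac", "") if len(tok) > 6 else "unspecified"
                if enc in WEAK_ENC:
                    findings.append(f"ikev1 {tok[4]}: encryption {enc}")
                if auth in WEAK_INT:
                    findings.append(f"ikev1 {tok[4]}: authentication {auth}")
    for name, algs in proposals.items():
        for kind, weak in (("encryption", WEAK_ENC), ("integrity", WEAK_INT)):
            for alg in sorted(algs[kind] or {DEFAULTS[kind]}):  # unset -> documented default
                if alg in weak:
                    findings.append(f"ikev2 {name}: {kind} {alg}")
    return sorted(findings)

# Constructed sample; names other than FirstSet and secure_proposal are made up.
SAMPLE = """\
crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set StrongSet esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal secure_proposal
 protocol esp encryption des integrity md5
crypto ipsec ikev2 ipsec-proposal default_only
crypto ipsec ikev2 ipsec-proposal aes_proposal
 protocol esp encryption aes-256
 protocol esp integrity sha-1
"""
```

Calling audit(SAMPLE) reports both manual examples, and also the proposal with no protocol line, because its encryption falls back to the 3des default.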

Cisco ASA Series Specifications

General
Model: ASA 5505
Interfaces: Varies by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High Availability: Active/Standby or Active/Active (varies by model)
Power Supply: Varies by model
Form Factor: Varies by model
Operating System: Cisco ASA Software
IPsec VPN: Supported
SSL VPN: Supported
IPS Throughput: Varies by model
