Contents
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
MAC Address Table Overview 26-3
Adding a Static MAC Address 26-3
Setting the MAC Address Timeout 26-4
Disabling MAC Address Learning 26-4
Viewing the MAC Address Table 26-4
CHAPTER 27 Configuring IPSec and ISAKMP 27-1
Tunneling Overview 27-1
IPSec Overview 27-2
Configuring ISAKMP 27-2
ISAKMP Overview 27-2
Configuring ISAKMP Policies 27-5
Enabling ISAKMP on the Outside Interface 27-6
Disabling ISAKMP in Aggressive Mode 27-6
Determining an ID Method for ISAKMP Peers 27-6
Enabling IPSec over NAT-T 27-7
Using NAT-T 27-7
Enabling IPSec over TCP 27-8
Waiting for Active Sessions to Terminate Before Rebooting 27-9
Alerting Peers Before Disconnecting 27-9
Configuring Certificate Group Matching 27-9
Creating a Certificate Group Matching Rule and Policy 27-10
Using the Tunnel-group-map default-group Command 27-11
Configuring IPSec 27-11
Understanding IPSec Tunnels 27-11
Understanding Transform Sets 27-12
Defining Crypto Maps 27-12
Applying Crypto Maps to Interfaces 27-20
Using Interface Access Lists 27-20
Changing IPSec SA Lifetimes 27-22
Creating a Basic IPSec Configuration 27-22
Using Dynamic Crypto Maps 27-24
Providing Site-to-Site Redundancy 27-26
Viewing an IPSec Configuration 27-26
Clearing Security Associations 27-27
Clearing Crypto Map Configurations 27-27
Supporting the Nokia VPN Client 27-28