Cisco SA520-K9 Administration Guide - Page 144
Advanced Configuration of IPsec VPN, Viewing the Basic Setting Defaults for IPsec VPN
UPC - 882658266744
View all Cisco SA520-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 144 highlights
Configuring VPN Advanced Configuration of IPsec VPN 7 Advanced Configuration of IPsec VPN The following topics are helpful for users who want to review and modify the settings that are created by the VPN Wizard. • Viewing the Basic Setting Defaults for IPsec VPN • Configuring the IKE Policies for IPsec VPN • Configuring the IPsec VPN Policies Viewing the Basic Setting Defaults for IPsec VPN To view the basic setting defaults that are configured by the Wizard, click VPN on the menu bar, and then click IPsec > Basic Setting Defaults. Configuring the IKE Policies for IPsec VPN The Internet Key Exchange (IKE) protocol is a negotiation protocol that includes an encryption method to protect data and ensure privacy. It is also an authentication method to verify the identity of devices that are trying to connect to your network. You can create IKE policies to define the security parameters such as authentication of the peer, encryption algorithms, etc. to be used in this process. You can choose whether to authenticate users from the User Database (see Configuring the User Database for the IPsec Remote Access VPN) or an external authentication server such as a RADIUS server (by choosing the IPsec Host option in the XAUTH field of this page. NOTE The VPN Wizard is the recommended method to create the corresponding IKE and VPN policies for a VPN tunnel. After the Wizard creates the matching IKE and VPN policies, you can make changes, as needed. Advanced users can create an IKE policy from Add but must be sure to use compatible encryption, authentication, and key-group parameters for the VPN policy. Cisco SA500 Series Security Appliances Administration Guide 144