Cisco SA520-K9 Administration Guide - Page 146
Configuring VPN | Advanced Configuration of IPsec VPN | 7

STEP 4 In the Local area, enter the following information:

• Identifier Type and Identifier: Choose the type of identifier for the local device, and then enter the ID in the text box.
  - Local WAN IP
  - Internet Address/FQDN
  - User FQDN
  - DER ASN1 DN

NOTE Typically, an IP address is used for site-to-site connections since the IP address or FQDN is well known. An IP address is required if you want to use Main Mode. For remote client connections, the User FQDN is never resolved but provides a means of identifying a client that can have a different IP address depending on the network that is used to make the connection. The DER ASN1 DN is used as an identifier when certificates are used for authentication.

STEP 5 In the Remote area, enter the following information:

• Identifier Type and Identifier: Choose the type of identifier for the local device, and then enter the ID in the text box.

NOTE An IP address is required if you want to use Main Mode.

STEP 6 In the IKE SA Parameters area, enter the information about the Security Association (SA) parameters, which define the strength and the mode for negotiating the SA.

• Encryption Algorithm: The algorithm used to negotiate the SA. There are five algorithms supported by this router: DES, 3DES, AES-128, AES-192, and AES-256.

• Authentication Algorithm: Specify the authentication algorithm for the VPN header. There are five algorithms supported by this router: MD5, SHA-1, SHA2-256, SHA2-384, and SHA2-512.

NOTE Ensure that the authentication algorithm is configured identically on both sides.

• Authentication Method: Select Pre-shared key for a simple password-based key. Selecting RSA-Signature disables the pre-shared key text box and uses the Active Self Certificate uploaded in the Certificates page. In that case, a certificate must be configured in order for RSA-Signature to work. See Managing Certificates for Authentication, page 190.
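The constraints in STEPs 4 through 6 can be checked before the two gateways are configured. The following is an added example, not code from the Cisco guide or the appliance: the dictionary layout, the field names (exchange_mode, local_id, remote_id, certificate_loaded) and the LEGACY classification of DES, 3DES, MD5 and SHA-1 are assumptions made for illustration, and the sample policies are constructed.

```python
import ipaddress

# Algorithm names as listed in STEP 6. The LEGACY classification is added
# for this example and is not part of the Cisco guide.
ENCRYPTION = {"DES", "3DES", "AES-128", "AES-192", "AES-256"}
AUTHENTICATION = {"MD5", "SHA-1", "SHA2-256", "SHA2-384", "SHA2-512"}
LEGACY = {"DES", "3DES", "MD5", "SHA-1"}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_side(name, p):
    """Findings for one gateway's IKE policy (hypothetical dict layout)."""
    out = []
    for field, allowed in (("encryption", ENCRYPTION),
                           ("authentication", AUTHENTICATION)):
        if p[field] not in allowed:
            out.append(f"{name}: unsupported {field} {p[field]}")
        elif p[field] in LEGACY:
            out.append(f"{name}: legacy algorithm {p[field]}")
    if p["exchange_mode"] == "Main":  # NOTE in STEP 4 and STEP 5
        for field in ("local_id", "remote_id"):
            if not is_ip(p[field]):
                out.append(f"{name}: Main Mode requires an IP address in {field}")
    if p["auth_method"] == "RSA-Signature" and not p.get("certificate_loaded"):
        out.append(f"{name}: RSA-Signature selected without a certificate")
    return out

def check_pair(a, b):
    """Per-side findings plus settings that must match on both peers."""
    out = check_side("site-a", a) + check_side("site-b", b)
    for key in ("encryption", "authentication", "auth_method"):
        if a[key] != b[key]:
            out.append(f"mismatch: {key} is {a[key]} vs {b[key]}")
    return out

# Constructed sample policies (documentation address ranges, not real devices).
SITE_A = {"exchange_mode": "Main", "local_id": "198.51.100.1",
          "remote_id": "203.0.113.1", "encryption": "AES-256",
          "authentication": "SHA2-256", "auth_method": "Pre-shared key"}
SITE_B = {"exchange_mode": "Main", "local_id": "gw.example.net",
          "remote_id": "198.51.100.1", "encryption": "AES-256",
          "authentication": "SHA-1", "auth_method": "Pre-shared key"}

if __name__ == "__main__":
    print("\n".join(check_pair(SITE_A, SITE_B)))
```

The guide's NOTE names only the authentication algorithm as needing to match; the encryption and authentication-method comparisons are included because IKE peers must agree on the whole proposal.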
Cisco SA500 Series Security Appliances Administration Guide 146