Configuring IPsec and ISAKMP, Information About Tunneling, IPsec, and ISAKMP – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 64
Configuring IPsec and ISAKMP
This chapter describes how to configure Internet Protocol Security (IPsec) and the Internet Security
Association and Key Management Protocol (ISAKMP) standards to build Virtual Private Networks
(VPNs). It includes the following sections:
• Information About Tunneling, IPsec, and ISAKMP
• Licensing Requirements for Remote Access IPsec VPNs
• Guidelines and Limitations
• Configuring Certificate Group Matching for IKEv1
• Clearing Security Associations
• Clearing Crypto Map Configurations
• Supporting the Nokia VPN Client
Information About Tunneling, IPsec, and ISAKMP
Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure
connections between remote users and a private corporate network. Each secure connection is called a
tunnel.
The ASA uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and
IPsec accomplish the following:
• Negotiate tunnel parameters
• Establish tunnels
• Authenticate users and data
• Manage security keys
• Encrypt and decrypt data
• Manage data transfer across the tunnel
• Manage data transfer inbound and outbound as a tunnel endpoint or router