VPN

8

Configuring a Site-to-Site VPN

NOTE: Ensure that the authentication algorithm is configured identically on both sides.

Authentication: Specify the authentication method that the security appliance uses to establish the identity of each IPsec peer.

- Pre-shared Key: Uses a simple, password-based key to authenticate. The alphanumeric key is shared with the IKE peer. Pre-shared keys do not scale well with a growing network but are easier to set up in a small network.

- RSA_SIG: Uses a digital certificate to authenticate. The certificate's keys are generated with the RSA signature algorithm. A certificate must be configured for RSA_SIG to work.

D-H Group: Choose the Diffie-Hellman group identifier, which the two IPsec peers use to derive a shared secret without transmitting it to each other. The D-H Group sets the strength of the algorithm in bits. The lower the Diffie-Hellman group number, the less CPU time it requires. The higher the Diffie-Hellman group number, the greater the security.

- Group 2 (1024-bit)

- Group 5 (1536-bit)

- Group 14 (2048-bit)

Lifetime: Enter the number of seconds for the IKE Security Association (SA) to remain valid. As a general rule, a shorter lifetime provides more secure ISAKMP (Internet Security Association and Key Management Protocol) negotiations (up to a point). However, with shorter lifetimes, the security appliance sets up future IPsec SAs more quickly. The default value is 24 hours.

STEP 4 Click OK to save your settings.

STEP 5 Click Save to apply your settings.
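
The settings above can be checked on both peers before the tunnel is brought up. The following is an added example, not part of the Cisco guide or the appliance software: a Python audit of two peers' IKE policy settings. The field names, the sample policies, and the 2048-bit and 20-character floors are assumptions of this example.

```python
DH_GROUP_BITS = {2: 1024, 5: 1536, 14: 2048}  # groups offered in this section
MIN_DH_BITS = 2048    # assumed policy floor for this example
MIN_PSK_LEN = 20      # assumed policy floor for this example
MUST_MATCH = ("auth_algorithm", "auth_method", "dh_group")


def audit_ike_policies(local, remote):
    """Compare two peers' IKE policies; return (severity, message) findings."""
    findings = []
    # Settings both peers must agree on for IKE negotiation to succeed.
    for field in MUST_MATCH:
        if local[field] != remote[field]:
            findings.append(("error", f"{field} differs: {local[field]} vs {remote[field]}"))
    for name, pol in (("local", local), ("remote", remote)):
        bits = DH_GROUP_BITS.get(pol["dh_group"])
        if bits is None:
            findings.append(("error", f"{name}: D-H group {pol['dh_group']} not in this section's list"))
        elif bits < MIN_DH_BITS:
            findings.append(("warn", f"{name}: D-H group {pol['dh_group']} is {bits}-bit, below {MIN_DH_BITS}"))
        if pol["auth_method"] == "psk" and len(pol.get("psk", "")) < MIN_PSK_LEN:
            findings.append(("warn", f"{name}: pre-shared key shorter than {MIN_PSK_LEN} characters"))
        # RSA_SIG only works when a certificate has been configured.
        if pol["auth_method"] == "rsa_sig" and not pol.get("certificate"):
            findings.append(("error", f"{name}: RSA_SIG selected but no certificate configured"))
    # Report a key mismatch without ever echoing the key material.
    if local["auth_method"] == remote["auth_method"] == "psk" and local.get("psk") != remote.get("psk"):
        findings.append(("error", "pre-shared keys differ (values not shown)"))
    return findings


# Constructed sample policies (not taken from a real appliance).
SITE_A = {"auth_algorithm": "sha1", "auth_method": "psk", "psk": "Xq7-constructed-sample-key-A1",
          "dh_group": 2, "lifetime_s": 86400}
SITE_B = {"auth_algorithm": "md5", "auth_method": "psk", "psk": "Xq7-constructed-sample-key-A1",
          "dh_group": 2, "lifetime_s": 86400}
SITE_C = {"auth_algorithm": "sha1", "auth_method": "rsa_sig", "certificate": None,
          "dh_group": 14, "lifetime_s": 86400}

if __name__ == "__main__":
    for sev, msg in audit_ike_policies(SITE_A, SITE_B):
        print(f"[{sev}] {msg}")
```
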

Cisco ISA500 Series Integrated Security Appliances Administration Guide
