VPN

8

 

Configuring IPsec Remote Access

WAN Interface: Choose the WAN port that traffic passes through over the VPN tunnel.

IKE Authentication Method: Choose the authentication method.

- Pre-shared Key: Uses a simple, password-based key to authenticate. If you choose this option, enter in the Password field the value that remote VPN clients must provide to establish VPN connections. The pre-shared key must be entered identically here and on the remote clients.

- Certificate: Uses a digital certificate from a third-party Certificate Authority (CA) to authenticate. If you choose this option, select a CA certificate as the local certificate from the Local Certificate drop-down list, and select a CA certificate as the remote certificate from the Peer Certificate drop-down list. The remote certificate selected on the IPsec VPN server must be set as the local certificate on remote VPN clients.

NOTE: You must have valid CA certificates imported on your security appliance before choosing this option. Go to the Device Management > Certificate Management page to import the CA certificates. See Managing Certificates for Authentication, page 418.

Mode: The Cisco VPN hardware client supports NEM (Network Extension Mode) and Client mode. The IPsec Remote Access group policy must be configured with the corresponding mode so that only Cisco VPN hardware clients in the same operation mode can connect. For example, if you choose Client mode for the group policy, only Cisco VPN hardware clients in Client mode can connect by using this group policy. For more information about the operation modes, see Modes of Operation, page 365.

- Choose Client for the group policy that is used for both the PC running the Cisco VPN Client software and the Cisco device acting as a Cisco VPN hardware client in Client mode. In Client mode, the IPsec VPN server can assign IP addresses to the outside interfaces of remote VPN clients. To define the pool range for remote VPN clients, enter the starting and ending IP addresses in the Start IP and End IP fields.

- Choose NEM for the group policy that is used only for the Cisco device acting as a Cisco VPN hardware client in NEM mode.
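
The matching rules above (identical pre-shared key, server Peer Certificate equal to the client's local certificate, matching operation mode, ordered Client-mode pool range) can be checked before rollout. The following Python sketch is an added example, not part of the Cisco guide: the `Side` fields and the `check_pair` function are hypothetical names rather than appliance syntax, and the sample values are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Side:
    """One end of the tunnel; field names are hypothetical, not appliance syntax."""
    auth: str                        # "psk" or "cert"
    mode: str                        # "client" or "nem"
    psk: Optional[str] = None
    cert: Optional[str] = None       # server: Peer Certificate; client: local certificate
    hardware: bool = False           # client only: Cisco VPN hardware client?
    start_ip: Optional[str] = None   # server only: Client mode pool range
    end_ip: Optional[str] = None

def check_pair(server: Side, client: Side) -> List[str]:
    """Return the mismatches that would stop this client using the group policy."""
    problems = []
    if server.auth != client.auth:
        problems.append("authentication method differs")
    elif server.auth == "psk" and server.psk != client.psk:
        # The key must match exactly, so flag keys that differ only by stray whitespace.
        near = (server.psk or "").strip() == (client.psk or "").strip()
        problems.append("pre-shared key differs" + (" only by whitespace" if near else ""))
    elif server.auth == "cert" and server.cert != client.cert:
        problems.append("server Peer Certificate is not the client's local certificate")
    # Software clients need a Client-mode policy; hardware clients must match the policy mode.
    wanted = client.mode if client.hardware else "client"
    if server.mode != wanted:
        problems.append(f"group policy mode is {server.mode}, client needs {wanted}")
    if server.mode == "client" and server.start_ip and server.end_ip:
        start = ipaddress.ip_address(server.start_ip)
        end = ipaddress.ip_address(server.end_ip)
        if start.version != end.version or start > end:
            problems.append("pool range invalid (Start IP above End IP or mixed families)")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up key).
    policy = Side(auth="psk", mode="client", psk="Example-Key-1",
                  start_ip="192.0.2.10", end_ip="192.0.2.50")
    laptop = Side(auth="psk", mode="client", psk="Example-Key-1 ")
    print(check_pair(policy, laptop))
```
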

Cisco ISA500 Series Integrated Security Appliances Administration Guide

358
