Cisco ASA 5500 Series Configuration Guide using the CLI

CHAPTER 64
Configuring IPsec and ISAKMP
This chapter describes how to configure Internet Protocol Security (IPsec) and the Internet Security
Association and Key Management Protocol (ISAKMP) standards to build Virtual Private Networks
(VPNs). It includes the following sections:
Information About Tunneling, IPsec, and ISAKMP
Licensing Requirements for Remote Access IPsec VPNs
Guidelines and Limitations
Configuring ISAKMP
Configuring Certificate Group Matching for IKEv1
Configuring IPsec
Clearing Security Associations
Clearing Crypto Map Configurations
Supporting the Nokia VPN Client

Information About Tunneling, IPsec, and ISAKMP

Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure
connections between remote users and a private corporate network. Each secure connection is called a
tunnel.

The ASA uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and
IPsec accomplish the following:
Negotiate tunnel parameters
Establish tunnels
Authenticate users and data
Manage security keys
Encrypt and decrypt data
Manage data transfer across the tunnel
Manage data transfer inbound and outbound as a tunnel endpoint or router