64-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter64 Configuring IPsec and ISAKMP
Guidelines and Limitations
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single context mode only. Does not support multiple context mode.
Firewall Mode Guidelines
Supported in routed firewall mode only. Does not support transparent firewall mode.
Failover Guidelines
IPsec VPN sessions are replicated in Active/Standby failover configurations only. Active/Active failover
configurations are not supported.
IPv6 Guidelines
Does not support IPv6.
Configuring ISAKMP
This section describes the Internet Security Association and Key Management Protocol (ISAKMP) and
the Internet Key Exchange (IKE) protocol.
This section includes the following topics:
Configuring IKEv1 and IKEv2 Policies, page64-9
Enabling IKE on the Outside Interface, page 64-13
Disabling IKEv1 Aggressive Mode, page64-13
Determining an ID Method for IKEv1 and IKEv2 ISAKMP Peers, page64-13
Enabling IPsec over NAT-T, page64-14
Enabling IPsec with IKEv1 over TCP, page64-15
Waiting for Active Sessions to Terminate Before Rebooting, page64-16
Alerting Peers Before Disconnecting, page64-16