69-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter69 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Detailed Steps
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
This section describes the procedure to configure an ISAKMP policy on the outside interface and how
to enable the policy.
Detailed Steps
Perform the following steps and use the command syntax in the following examples as a guide.
Command Purpose
Step1 interface {interface}
Example:
hostname(config)# interface ethernet0
hostname(config-if)#
Enters interface configuration mode from global configuration
mode.
Step1 ip address ip_address [mask] [standby
ip_address]
Example:
hostname(config)# interface ethernet0
hostname(config-if)#
hostname(config-if)# ip address
10.10.4.200 255.255.0.0
Sets the IP address and subnet mask for the interface.
Step2 nameif name
Example:
hostname(config-if)# nameif outside
hostname(config-if)#
Specifies a name for the interface (maximum of 48 characters).
You cannot change this name after you set it.
Step3 shutdown
Example:
hostname(config-if)# no shutdown
hostname(config-if)#
Enables the interface. By default, interfaces are disabled.
Command Purpose
Step1 crypto ikev1 policy priority
authentication {crack | pre-share |
rsa-sig}
Example:
hostname(config)# crypto ikev1 polic y 1
authentication pre-share
hostname(config)#
Specifies the authentication method and the set of parameters to
use during IKEv1 negotiation.
Priority uniquely identifies the Internet Key Exchange (IKE)
policy and assigns a priority to the policy. Use an integer from 1
to 65,534, with 1 being the highest priority and 65,534 the lowest.
In this example and the steps that follow, we set the priority to 1.
Step2 crypto ikev1 policy priority encryption
{aes | aes-192 | aes-256 | des | 3des}
Example:
hostname(config)# crypto ikev1 polic y 1
encryption 3des
hostname(config)#
Specifies the encryption method to use within an IKE policy.