Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 69 Configuring Remote Access IPsec VPNs
Configuring an Address Pool
The ASA requires a method for assigning IP addresses to users. This section uses address pools as an
example. Use the command syntax in the following examples as a guide.
Step 3
Command: crypto ikev1 policy priority hash {md5 | sha}
Example:
hostname(config)# crypto ikev1 policy 1 hash sha
hostname(config)#
Purpose: Specifies the hash algorithm for an IKE policy (also called the HMAC variant).

Step 4
Command: crypto ikev1 policy priority group {1 | 2 | 5}
Example:
hostname(config)# crypto ikev1 policy 1 group 2
hostname(config)#
Purpose: Specifies the Diffie-Hellman group for the IKE policy—the crypto protocol that allows the IPsec client and the ASA to establish a shared secret key.

Step 5
Command: crypto ikev1 policy priority lifetime {seconds}
Example:
hostname(config)# crypto ikev1 policy 1 lifetime 43200
hostname(config)#
Purpose: Specifies the encryption key lifetime—the number of seconds each security association should exist before expiring. The range for a finite lifetime is 120 to 2147483647 seconds. Use 0 seconds for an infinite lifetime.

Step 6
Command: crypto ikev1 enable interface-name
Example:
hostname(config)# crypto ikev1 enable outside
hostname(config)#
Purpose: Enables ISAKMP on the interface named outside.

Step 7
Command: write memory
Example:
hostname(config-if)# write memory
Building configuration...
Cryptochecksum: 0f80bf71 1623a231 63f27ccf 8700ca6d
11679 bytes copied in 3.390 secs (3893 bytes/sec)
[OK]
hostname(config-if)#
Purpose: Saves the changes to the configuration.
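The following is an added example, not part of the Cisco guide: a small Python check that reads IKEv1 policy lines and reports hash, group and lifetime values that fall outside the ranges given in Steps 3 through 5 or that a reviewer would want to tighten. The function names, the MIN_DH_BITS threshold, the sample configuration and the support for an indented sub-mode form are assumptions made for illustration.

```python
import re
# Accepted values and lifetime range, as listed in Steps 3-5 above.
VALID_HASH = {"md5", "sha"}
DH_BITS = {"1": 768, "2": 1024, "5": 1536}  # MODP sizes (RFC 2409, RFC 3526)
LIFETIME_MIN, LIFETIME_MAX = 120, 2147483647
MIN_DH_BITS = 1536  # assumed review threshold, not a value from the guide
HEAD = re.compile(r"^crypto ikev1 policy (\d+)\s*(.*)$")

def parse_policies(config):
    """Collect {priority: {keyword: value}} from one-line or indented sub-mode lines."""
    policies, current = {}, None
    for raw in config.splitlines():
        m = HEAD.match(raw.rstrip())
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif not raw[:1].isspace():
            current = None  # an unindented non-policy line ends the sub-mode block
        words = (m.group(2) if m else raw).split()
        if current is not None and len(words) == 2 and words[0] in ("hash", "group", "lifetime"):
            current[words[0]] = words[1]
    return policies

def audit(config):
    """Return (priority, finding) tuples for invalid or weak policy settings."""
    out = []
    for prio, p in sorted(parse_policies(config).items()):
        h, g, life = p.get("hash"), p.get("group"), p.get("lifetime")
        if h is not None and h not in VALID_HASH:
            out.append((prio, f"hash {h}: not an accepted value"))
        elif h == "md5":
            out.append((prio, "hash md5: weaker option, use sha"))
        if g is not None and g not in DH_BITS:
            out.append((prio, f"group {g}: not an accepted value"))
        elif g is not None and DH_BITS[g] < MIN_DH_BITS:
            out.append((prio, f"group {g}: {DH_BITS[g]}-bit, below {MIN_DH_BITS}"))
        n = int(life) if life and life.isdigit() else -1
        if n == 0:
            out.append((prio, "lifetime 0: infinite, the SA never expires"))
        elif life is not None and not LIFETIME_MIN <= n <= LIFETIME_MAX:
            out.append((prio, f"lifetime {life}: outside 120-2147483647"))
    return out

# Constructed sample configuration (not taken from the guide).
SAMPLE = ("crypto ikev1 policy 1 hash sha\ncrypto ikev1 policy 1 group 5\n"
          "crypto ikev1 policy 1 lifetime 43200\n"
          "crypto ikev1 policy 10\n hash md5\n group 1\n lifetime 0\n")

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the sample, policy 1 passes and policy 10 produces three findings; lower MIN_DH_BITS if the peer devices cannot negotiate group 5.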