Contents
xlvi
Cisco ASA 5500 Series Configuration Guide using the CLI
Configuring Support for Asymmetrically Routed Packets 63-18
Remote Command Execution 63-21
Changing Command Modes 63-22
Security Considerations 63-23
Limitations of Remote Command Execution 63-23
Controlling Failover 63-23
Forcing Failover 63-23
Disabling Failover 63-24
Restoring a Failed Unit or Failover Group 63-24
Testing the Failover Functionality 63-24
Monitoring Active/Active Failover 63-25
Feature History for Active/Active Failover 63-25
PART
16 Configuring VPN
CHAPTER
64 Configuring IPsec and ISAKMP 64-1
Information About Tunneling, IPsec, and ISAKMP 64-1
IPsec Overview 64-2
ISAKMP and IKE Overview 64-2
Licensing Requirements for Remote Access IPsec VPNs 64-3
Guidelines and Limitations 64-8
Configuring ISAKMP 64-8
Configuring IKEv1 and IKEv2 Policies 64-9
Enabling IKE on the Outside Interface 64-13
Disabling IKEv1 Aggressive Mode 64-13
Determining an ID Method for IKEv1 and IKEv2 ISAKMP Peers 64-13
Enabling IPsec over NAT-T 64-14
Using NAT-T 64-15
Enabling IPsec with IKEv1 over TCP 64-15
Waiting for Active Sessions to Terminate Before Rebooting 64-16
Alerting Peers Before Disconnecting 64-16
Configuring Certificate Group Matching for IKEv1 64-17
Creating a Certificate Group Matching Rule and Policy 64-17
Using the Tunnel-group-map default-group Command 64-19
Configuring IPsec 64-19
Understanding IPsec Tunnels 64-19
Understanding IKEv1 Transform Sets and IKEv2 Proposals 64-19
Defining Crypto Maps 64-20