Contents
xlvii
Cisco ASA 5500 Series Configuration Guide using the CLI
Applying Crypto Maps to Interfaces 64-26
Using Interface Access Lists 64-26
Changing IPsec SA Lifetimes 64-29
Creating a Basic IPsec Configuration 64-29
Using Dynamic Crypto Maps 64-31
Providing Site-to-Site Redundancy 64-34
Viewing an IPsec Configuration 64-34
Clearing Security Associations 64-34
Clearing Crypto Map Configurations 64-35
Supporting the Nokia VPN Client 64-35
CHAPTER
65 Configuring L2TP over IPsec 65-1
Information About L2TP over IPsec/IKEv1 65-1
IPsec Transport and Tunnel Modes 65-2
Licensing Requirements for L2TP over IPsec 65-3
Prerequisites for Configuring L2TP over IPsec 65-7
Guidelines and Limitations 65-7
Configuring L2TP over IPsec 65-8
Configuration Example for L2TP over IPsec Using ASA 8.2.5 65-17
Configuration Example for L2TP over IPsec Using ASA 8.4.1 and later 65-17
Feature History for L2TP over IPsec 65-18
CHAPTER
66 Setting General VPN Parameters 66-1
Configuring VPNs in Single, Routed Mode 66-1
Configuring IPsec to Bypass ACLs 66-1
Permitting Intra-Interface Traffic (Hairpinning) 66-2
NAT Considerations for Intra-Interface Traffic 66-3
Setting Maximum Active IPsec or SSL VPN Sessions 66-3
Using Client Update to Ensure Acceptable IPsec Client Revision Levels 66-4
Understanding Load Balancing 66-6
Comparing Load Balancing to Failover 66-7
Load Balancing 66-7
Failover 66-7
Implementing Load Balancing 66-7
Prerequisites 66-8
Eligible Platforms 66-8
Eligible Clients 66-8
VPN Load-Balancing Algorithm 66-8