Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 IPsec IKEv1 Remote Access Wizard

6-2

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter6 VPN Wizards

IPsec IKEv1 Remote Access Wizard

packets, encapsulate them, and send them to the other end of the tunnel where they are unencapsulated

and sent to their final destination. It can also receive encapsulated packets, unencapsulate them, and send

them to their final destination.

The four VPN wizards described in this section are as follows:

•IPsec IKEv1 Remote Access Wizard

•IPsec Site-to-Site VPN Wizard

•AnyConnect VPN Wizard

•Clientless SSL VPN Wizard

IPsec IKEv1 Remote Access Wizard

Use the IKEv1 Remote Access Wizard to select remote access or LAN-to-LAN and to identify the

interface that connects to the remote IPsec peer. The tunnel type is automatically selected when the

wizard is started.

Fields

•Remote Access—Click to create a configuration that achieves secure remote access for VPN clients,

such as mobile users. This option lets remote users securely access centralized network resources.

When you select this option, the VPN wizard displays a series of panes that let you enter the

attributes a remote access VPN requires.

•VPN Tunnel Interface—Choose the interface that establishes a secure tunnel with the remote IPsec

peer. If the ASA has multiple interfaces, you need to plan the VPN configuration before running this

wizard, identifying the interface to use for each remote IPsec peer with which you plan to establish

a secure connection.

•Enable inbound IPsec sessions to bypass interface access lists—Enable IPsec authenticated inbound

sessions to always be permitted through the security appliance (that is, without a check of the

interface access-list statements). Be aware that the inbound sessions bypass only the interface ACLs.

Configured group-policy, user, and downloaded ACLs still apply.

Remote access users of various types can open VPN tunnels to this ASA. Choose the type of VPN client

for this tunnel.

Fields

•VPN Client Type

–

Cisco VPN Client, Release 3.x or higher, or other Easy VPN Remote product

–

Microsoft Windows client using L2TP over IPsec—Specify the PPP authentication protocol.

The choices are PAP, CHAP, MS-CHAP-V1, MS-CHAP-V2, and EAP-PROXY:

PAP—Passes cleartext username and password during authentication and is not secure.

CHAP—In response to the server challenge, the client returns the encrypted [challenge plus

password] with a cleartext username. This protocol is more secure than the PAP, but it does not

encrypt data.

Cisco Systems IPsec IKEv1 Remote Access Wizard